Joomla! Component jesubmit 1.4 - SQL Injection

EDB-ID: 14054
Platform: PHP
Date: 2010-06-25

Exploit Title: Joomla JE Story submit SQL Injection
Vendor URL: http://joomlaextensions.co.in
Version: 1.4
Greetz to: r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team, Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:
Follows a 100% MVC structure. Users can add their stories as Joomla articles.

Front end:

Users can add stories. The admin and the user receive an email after a user adds a story. A story shows up on the front end once the admin approves it. A CAPTCHA code feature is available on the front end. Users can upload images.

Back end:

The admin can configure the section, category and email address.
For Joomla version: Joomla 1.5.
The admin can also select whichever category and section they want. Section selection uses Ajax.
The admin email format and the user email format are set from the back end. Email formats are easy to create or change using the WYSIWYG editor.
The admin can disable and enable the category/section selection option.

Supports Joomla 1.5.


Features:-
- The admin can configure the section, category and email address.
- Email formats are easy to create or change using the WYSIWYG editor in the back end.
- Users can add stories. The admin and the user receive an email after a user adds a story.
- A CAPTCHA code is included for security.
- Users can upload images from the front end.
- A story shows up on the front end once the admin approves it.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

* SQL injection (SQLi) via the view request parameter

DEMO URL :

http://www.example.com/component/jesubmit/?view=[sqli]


# 0day n0 m0re #
# L0rd CrusAd3r #
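
A defensive check for the parameter named above, as an added example that is not part of the original advisory: it scans web-server access log lines for requests to the jesubmit component whose `view` value is not a plain identifier. The non-SEF `option=com_jesubmit` route, the identifier allowlist, the view name `jesubmit` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate view name is a short plain identifier.
SAFE_VIEW_RE = re.compile(r'[A-Za-z0-9_]{1,64}')


def targets_jesubmit(path, params):
    """True for the SEF route from the advisory or the non-SEF option form."""
    if "/component/jesubmit" in path.lower():
        return True
    return any(v.lower() == "com_jesubmit" for v in params.get("option", []))


def suspicious_view(target):
    """Return the decoded `view` value if it is not a plain identifier, else None."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    if not targets_jesubmit(unquote(parts.path), params):
        return None
    for value in params.get("view", []):
        # parse_qs decoded once; decode again to catch double-encoded input.
        decoded = unquote(value)
        if not SAFE_VIEW_RE.fullmatch(decoded):
            return decoded
    return None


def scan(lines):
    """Yield (line_number, decoded_view) for each flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_view(match.group(1))
            if value is not None:
                yield number, value


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Jun/2010:10:00:01 +0000] "GET /component/jesubmit/?view=jesubmit HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Jun/2010:10:00:07 +0000] "GET /component/jesubmit/?view=jesubmit%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [25/Jun/2010:10:00:09 +0000] "GET /index.php?option=com_jesubmit&view=1%2527 HTTP/1.1" 500 312',
    '203.0.113.7 - - [25/Jun/2010:10:00:12 +0000] "GET /index.php?option=com_content&view=article%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected view value {value!r}")
```

The same allowlist can be enforced at a reverse proxy or WAF in front of the site to reject such requests before they reach the component.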