Home / exploitsPDF  

Joomla Directory Tree SQL Injection

Posted on 14 October 2011

#1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
#0     _                   __           __       __                     1
#1   /'             __  /'__`        / \__  /'__`                   0
#0  /\_,     ___   /\_/\_      ___  ,_/ /   _ ___           1
#1  /_/  /' _ ` / /_/_\_<_  /'___  /    /`'__          0
#0       / /    /   / \__/  \_  \_   /           1
#1       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_           0
#0       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/           1
#1                   \____/ >> Exploit database separated by exploit   0
#0                   /___/          type (local, remote, DoS, etc.)    1
#1                                                                      1
#0  [+] Site            : 1337day.com                                   0
#1  [+] Support e-mail  : submit[at]1337day.com                         1
#0                                                                      0
#1               #############################################          1
#0                I'm Sid3^effects member from Inj3ct0r Team            1
#1               #############################################          0
#0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Application:Joomla com_directorytree Sqli vulnerability
Date:13/10/2011
Vendor URL:http://www.465-media.com/
Google Dork:inurl:com_directorytree
Author:Sid3^effects aKa HaRi
Contact:shell_c99@yahoo.com
#Big hugs : Th3 RDX,Sugar
#special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,Sonic,gunslinger_,Sn!pEr.S!,cr1m1n4l
###############################################################################################################
Desc:
eTree is primarily an employee/staff listing component for Joomla! CMS, allowing you to list employees/staff by categories and sub categories. Ideal usage is for any organization that needs to have people in many categories and sub-categories. For instance:

* Non-Profits
* Teacher/PTA groups.
* Girl Scout/Cub Scouts
* Churches/Religious Organizations
* Sports Teams
* Business - Large or Small
###############################################################################################################

Vulnerability:Sqli

http://www.target.com/demo/index.php?option=com_directorytree&view=displays&layout=user&user_id=[Sqli]&Itemid=4
http://www.target.com/demo/index.php?option=com_directorytree&view=displays&layout=category&id=[Sqli]&Itemid=2


###############################################################################################################

 

TOP

Malware :

Exploits :