- # Exploit Title : Multiple vulnerabilities in Joomla Registrationpro
- # Exploit Author : Sky_BlaCk
- # Version : 1.5,1.7
- # Tested on : Windows and Linux
- # Google dork : [inurl:index.php?option=com_registrationpro]
- ---------------------------
- # ~ Exploitation ~ #
- ---------------------------
- Concept:
- SQL injection is a method of injecting arbitrary code that exploits an input-validation vulnerability at the application level in order to query a database.
- The vulnerability originates from incorrect checking and/or filtering of the variables used in the program that contains it.
- ----------------------------
- # PoC - SQLi and BlindSQLi #
- ----------------------------
- Variable : did
- http://www.sitio.com/index.php?option=com_registrationpro&view=event&Itemid=106&did=163
- http://www.sitio.com/index.php?option=com_registrationpro&view=event&Itemid=106&did=163&lang=es
- ----------------------------
- # PoC - SQLi and BlindSQLi #
- ----------------------------
- Variable : did
- http://www.sitio.com/index.php?option=com_registrationpro&view=attendees&tmpl=component&did=37
- http://www.sitio.com/index.php?option=com_registrationpro&view=attendees&tmpl=component&did=37&lang=es
- ---------------
- # PoC - SQLi #
- ---------------
- Variable : id
- http://www.sitio.com/index.php?option=com_registrationpro&view=category&id=1
- http://www.sitio.com/index.php?option=com_registrationpro&view=category&id=2&Itemid=1
- Recommendations:
- The vulnerabilities presented in this post are considered the most common on websites. As we can see, everything comes down to incorrect validation of the variable, which opens the way to the attack. I recommend, first and foremost, properly validating these variables in order to prevent attacks.
- Regards :
- TodakarHD - Cat Duh - Nettux Alset - You Fckme Niga - Kais pattern and my other friends ..... ^_^
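
The validation recommended above, sketched as a gateway-side filter that lets `did`, `id` and `Itemid` through only as plain integers on requests to `com_registrationpro`. This is an added example, not code from the original paste or from the component; the function name, the 10-digit bound and the inclusion of `Itemid` are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

COMPONENT = "com_registrationpro"
# "did" and "id" are the variables named in the advisory; "Itemid" and the
# 10-digit bound are assumptions made for this example.
INT_PARAMS = ("did", "id", "Itemid")
MAX_DIGITS = 10


def check_request(url):
    """Return a list of violations; an empty list means the request may pass."""
    values = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        values.setdefault(name, []).append(value)

    # Only requests routed to the affected component are inspected.
    if COMPONENT not in values.get("option", []):
        return []

    violations = []
    for name in INT_PARAMS:
        seen = values.get(name, [])
        if len(seen) > 1:
            # PHP keeps the last duplicate while a filter may read the
            # first, so ambiguous requests are refused outright.
            violations.append(f"{name}: repeated {len(seen)} times")
        for value in seen:
            # isascii() + isdigit() rejects blanks, signs, spaces, quotes
            # and non-ASCII digits that isdigit() alone would accept.
            if not (value.isascii() and value.isdigit()
                    and len(value) <= MAX_DIGITS):
                violations.append(f"{name}: not a plain integer ({value!r})")
    return violations


if __name__ == "__main__":
    base = "http://www.sitio.com/index.php?option=com_registrationpro"
    samples = [  # first URL is from the advisory, the rest are constructed
        base + "&view=event&Itemid=106&did=163&lang=es",
        base + "&view=category&id=1x",
        base + "&view=attendees&tmpl=component&did=37&did=abc",
    ]
    for url in samples:
        print(check_request(url) or "ok", url)
```

A filter like this covers only the query string; the component's own queries should still cast or bind these values as integers.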