Joomla Component BF Quiz SQL Injection Exploit released

Today I am releasing my Joomla Component BF Quiz SQL Injection Exploit. It exploits a vulnerability within the Joomla component BF Quiz I found a few hours ago.

Please click here to download the Python sploit.

Usage example:
python joomla_com_bfquiz_sploit.py – u “http://target/index.php?option=com_bfquiztrial&view=bfquiztrial&catid=34″

Features:
- Check if the provided URL is reachable
- Display current database, MySQL user and the MySQL version
- Display the password hash of the Joomla administrator

Screenshot:

Additional information
Only attack targets you are allowed to attack (e.g. your own website or a customer’s website for penetration testing). I am not responsible if you cause any damage or do bad things! Know and respect your local laws!

May 29th, 2010 in Exploits, SQL Injection | tags: com_bfquiz, exploit, Python, Security, sql injection, vulnerability

You must be logged in to post a comment.

Ascii for BreakfastSubscribe here (RSS)

Joomla Component BF Quiz SQL Injection Exploit released

Leave a comment

Ascii for Breakfast

Recent Posts

Active projects

Blogroll

Archives

Tag cloud

Files ≈ Packet Storm

Exploit-DB updates

blog.xen.org

Author Links