The Mambo / Joomla HeXimage component 2.1.2 remote SQL injection

2010.08.18
Credit: Don Tukulesto
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

[o]========================================================[o]
[!] Mambo & Joomla! Component HeXimage SQL Injection Vulnerability [!]
[!] Author : Don Tukulesto (root@indonesiancoder.com)
[!] Homepage : http://indonesiancoder.com
[!] Date : Tue, August 17, 2010
[o]========================================================[o]

[ Software Information ]
[>] Vendor : http://www.joomlafrance.org
[>] Download : http://www.joomlafrance.org/telecharger/startdown/HeXimage.html
[>] Version : 2.1.2
[>] License : GNU General Public License
[>] Type : Non-Commercial ( open source CMS )
[>] Method : SQL Injection

========================================================
[ Proof of Concept ]
http://[site]/index.php?option=com_heximage&task=selector&albumselected=INDONESIANCODER&pID=31337
========================================================

[ We are ]
[>] Indonesian Coder Team - AntiSecurity - ServerIsDown - SurabayaHackerLink
[>] M364TR0N | DEESSAINT | Cyb3r_tr0n | Gonzhack | kaMtiEz | El N4ck0 | ibl13Z | arianom
[>] elv1n4 | YaDoY666 | ./Jack- | xshadow | M3NW5 | Pathloader | Mboys | Contrex | amxku
[>] xnitro @xtremenitro.org | DraCoola | Senot | ran | CherCut & bocah|duduL | Ghambass | CS-31
[>] James Brown & Todd @packetstormsecurity.org | Maksymilian & sp3x @securityreason.com

[ Notes ]
[>] Proclamation of Indonesian Independence
PROCLAMATION
WE THE PEOPLE OF INDONESIA HEREBY DECLARE THE INDEPENDENCE OF INDONESIA.
MATTERS WHICH CONCERN THE TRANSFER OF POWER AND OTHER THINGS WILL BE EXECUTED BY CAREFUL MEANS AND IN THE SHORTEST POSSIBLE TIME.
DJAKARTA, AUGUST 17, 1945
IN THE NAME OF THE PEOPLE OF INDONESIA
SOEKARNO - HATTA
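The advisory gives only a proof-of-concept URL (task=selector with albumselected and pID) and labels the issue CWE-89; it does not say which of the two parameters reaches the query unescaped, nor what the response reveals. The following is an added example, not code from HeXimage or from the advisory author: it models the CWE-89 pattern behind a request of that shape against an in-memory SQLite table, placing the two request values into a WHERE clause once by string splicing and once with an integer cast plus bound parameters. The table, its columns, the sample rows and the tautology payload in albumselected are all constructed for the example; whether HeXimage's own query looks like this is an assumption.

```python
import sqlite3
from urllib.parse import parse_qs, urlencode

# Constructed sample rows standing in for a gallery's image table; the
# table and column names are hypothetical, not HeXimage's schema.
SAMPLE_ROWS = [
    (1, "public", "beach.jpg"),
    (2, "public", "park.jpg"),
    (3, "private", "passport.jpg"),
    (4, "private", "payslip.jpg"),
]

# Query strings in the shape of the advisory's PoC URL. The hostile one
# carries a constructed tautology payload in albumselected; the advisory
# itself does not say which parameter is injectable.
BENIGN_QUERY = "option=com_heximage&task=selector&albumselected=public&pID=1"
HOSTILE_QUERY = urlencode({
    "option": "com_heximage",
    "task": "selector",
    "albumselected": "' OR 1=1 --",
    "pID": "1",
})


def make_db():
    """In-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, album TEXT, file TEXT)")
    conn.executemany("INSERT INTO images VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def params_from_query(query_string):
    """Pull albumselected and pID out of a URL query string, decoded as a web server would."""
    qs = parse_qs(query_string, keep_blank_values=True)
    return qs.get("albumselected", [""])[0], qs.get("pID", [""])[0]


def select_vulnerable(conn, album, pid):
    """CWE-89 pattern: request values are spliced straight into the SQL text."""
    sql = (f"SELECT id, file FROM images WHERE album = '{album}' "
           f"AND id = {pid} ORDER BY id")
    return conn.execute(sql).fetchall()


def select_hardened(conn, album, pid):
    """Same lookup with an integer cast on pID and bound parameters for both values."""
    try:
        pid_int = int(pid)  # "1 OR 1=1" never reaches the SQL engine
    except ValueError:
        raise ValueError("pID must be an integer") from None
    sql = "SELECT id, file FROM images WHERE album = ? AND id = ? ORDER BY id"
    return conn.execute(sql, (album, pid_int)).fetchall()


def hardened_rejects(conn, album, pid):
    """True when the hardened lookup refuses the input outright."""
    try:
        select_hardened(conn, album, pid)
    except ValueError:
        return True
    return False


def demo():
    """Run both lookups against benign and hostile requests; returns row counts."""
    conn = make_db()
    benign = params_from_query(BENIGN_QUERY)
    hostile = params_from_query(HOSTILE_QUERY)
    return {
        "benign_vulnerable": len(select_vulnerable(conn, *benign)),
        "benign_hardened": len(select_hardened(conn, *benign)),
        # tautology comments out the rest of the WHERE clause: every row, private albums included
        "hostile_vulnerable": len(select_vulnerable(conn, *hostile)),
        # the same payload is compared as a literal album name and matches nothing
        "hostile_hardened": len(select_hardened(conn, *hostile)),
        # a payload in the numeric parameter needs no quote at all
        "pid_payload_vulnerable": len(select_vulnerable(conn, "public", "1 OR 1=1")),
        "pid_payload_rejected": hardened_rejects(conn, "public", "1 OR 1=1"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The numeric case is the one worth remembering for a Joomla-era component: an integer parameter like pID needs no quote character to break out of the query, so quote-escaping alone is not a fix; casting to int (or binding it as an integer) is.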


Copyright 2024, cxsecurity.com