[o]========================================================[o]
[!] Mambo & Joomla! Component HeXimage SQL Injection Vulnerability
[!] Author : Don Tukulesto (root@indonesiancoder.com)
[!] Homepage : http://indonesiancoder.com
[!] Date : Tue, August 17, 2010
[o]========================================================[o]
[ Software Information ]
[>] Vendor : http://www.joomlafrance.org
[>] Download : http://www.joomlafrance.org/telecharger/startdown/HeXimage.html
[>] Version : 2.1.2
[>] License : GNU General Public License
[>] Type : Non-Commercial ( open source CMS )
[>] Method : SQL Injection
========================================================
[ Proof of Concept ]
http://[site]/index.php?option=com_heximage&task=selector&albumselected=INDONESIANCODER&pID=31337
========================================================
[ We are ]
[>] Indonesian Coder Team - AntiSecurity - ServerIsDown - SurabayaHackerLink
[>] M364TR0N | DEESSAINT | Cyb3r_tr0n | Gonzhack | kaMtiEz | El N4ck0 | ibl13Z | arianom
[>] elv1n4 | YaDoY666 | ./Jack- | xshadow | M3NW5 | Pathloader | Mboys | Contrex | amxku
[>] xnitro @xtremenitro.org | DraCoola | Senot | ran | CherCut & bocah|duduL | Ghambass | CS-31
[>] James Brown & Todd @packetstormsecurity.org | Maksymilian & sp3x @securityreason.com
[ Notes ]
[>] Proclamation of Indonesian Independence
PROCLAMATION
WE THE PEOPLE OF INDONESIA HEREBY DECLARE THE INDEPENDENCE OF INDONESIA.
MATTERS WHICH CONCERN THE TRANSFER OF POWER AND OTHER THINGS WILL BE EXECUTED
BY CAREFUL MEANS AND IN THE SHORTEST POSSIBLE TIME.
DJAKARTA, AUGUST 17, 1945
IN THE NAME OF THE PEOPLE OF INDONESIA
SOEKARNO Ñ HATTA