Joomla! Component Address Book - Blind SQL Injection

EDB-ID:

14210




Platform:

PHP

Date:

2010-07-04


1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :  Joomla com_addressbook Blind Sqli Vulnerability
Date : july 4,2010
Critical Level 	: HIGH
vendor URL :http://b-elektro.no/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description:
The Front-edit Address Book is a powerful, but easy to use address book component for Joomla. If you are looking for a address book, or just a component that allows users to manage contact information directly from front,  this might be what you are looking for.

Some features:

* Allows users to create, edit and delete contact information directly from front.
* Multiple layouts available ("table", "list" and "single contact layout").
* Some access control based on usergroups or individual users.
* The component is designed to work together with com_contact (the joomla core contact component).

#######################################################################################################
Xploit :Blind SQli Vulnerability

DEMO URL :http://server/index.php?option=com_addressbook&view=contact&Itemid=[Bsqli]

###############################################################################################################
# 0day no more 
# Sid3^effects