1 ########################################## 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 ########################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Joomla com_addressbook Blind Sqli Vulnerability Date : july 4,2010 Critical Level : HIGH vendor URL :http://b-elektro.no/ Author : Sid3^effects aKa HaRi special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_ greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz ####################################################################################################### Description: The Front-edit Address Book is a powerful, but easy to use address book component for Joomla. If you are looking for a address book, or just a component that allows users to manage contact information directly from front, this might be what you are looking for. Some features: * Allows users to create, edit and delete contact information directly from front. * Multiple layouts available ("table", "list" and "single contact layout"). * Some access control based on usergroups or individual users. * The component is designed to work together with com_contact (the joomla core contact component). ####################################################################################################### Xploit :Blind SQli Vulnerability DEMO URL :http://server/index.php?option=com_addressbook&view=contact&Itemid=[Bsqli] ############################################################################################################### # 0day no more # Sid3^effects