1 ########################################## 1
0 I'm Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name : Joomla com_addressbook Blind Sqli Vulnerability
Date : july 4,2010
Critical Level : HIGH
vendor URL :http://b-elektro.no/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
The Front-edit Address Book is a powerful, but easy to use address book component for Joomla. If you are looking for a address book, or just a component that allows users to manage contact information directly from front, this might be what you are looking for.
Some features:
* Allows users to create, edit and delete contact information directly from front.
* Multiple layouts available ("table", "list" and "single contact layout").
* Some access control based on usergroups or individual users.
* The component is designed to work together with com_contact (the joomla core contact component).
#######################################################################################################
Xploit :Blind SQli Vulnerability
DEMO URL :http://server/index.php?option=com_addressbook&view=contact&Itemid=[Bsqli]
###############################################################################################################
# 0day no more
# Sid3^effects
