Joomla! Component NinjaMonials - Blind SQL Injection

1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :  Joomla com_ninjamonials BSqli Vulnerability
Date : july 4,2010
Critical Level 	: HIGH
vendor URL :http://ninjaforge.com/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description : 
NinjaMonials is designed to help you quickly and easily collect and display testimonials for your site.

Testimonials improve customer confidence, which in turn improves the ability of your site to convert visitors into customers and members.
Any internet marketing expert will tell you that testimonials will improve the conversion rates of guests into members on virtually any site. By providing guests with 3rd party, honest reviews from customers they get a much more solid idea of how your site and service really is, and are not required to believe only your marketing material.

Testimonials are especially important for a commercial website, but can be just as useful for non commercial sites who want to convert and retain more customers.

#######################################################################################################
Xploit :BSQli Vulnerability

DEMO URL :http://server/joomla15/index.php?option=com_ninjamonials&view=display&Itemid=[Bsqli]

###############################################################################################################
# 0day no more 
# Sid3^effects