Vendor: com_hotbrackets
By: Fl0riX
CVSS: 8,8 (HIGH)
Vulnerability Type: Blind SQL Injection
CWE: 89
Product Name: com_hotbrackets
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Joomla Component com_hotbrackets Blind SQL injection Vulnerability

A blind SQL injection vulnerability exists in the Joomla component com_hotbrackets. It is triggered when maliciously crafted input is passed via the 'id' parameter: an attacker sends a specially crafted HTTP request to the vulnerable application, and a successful exploit could allow the attacker to gain admin login credentials.

Mitigation:

Input validation should be used to filter out malicious characters.
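
The following is an added example, not code from the original advisory or from the component: it applies an allow-list check to the 'id' parameter and uses the same check to flag com_hotbrackets requests in a web access log, including clients whose non-integer 'id' values drew different response sizes (the true/false pattern shown in the raw data). It assumes that 'id' is meant to be a plain positive integer and that the log is in combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2020:10:00:00 +0000] "GET /index.php?option=com_hotbrackets&id=1 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2020:10:00:05 +0000] "GET /index.php?option=com_hotbrackets&id=1%20and%201=1 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2020:10:00:06 +0000] "GET /index.php?option=com_hotbrackets&id=1+and+1=0 HTTP/1.1" 200 812
203.0.113.7 - - [01/Jan/2020:10:00:09 +0000] "GET /index.php?option=com_content&id=7 HTTP/1.1" 200 3300
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) (\d+|-)')
VALID_ID = re.compile(r"[0-9]{1,10}")  # assumption: id is a plain positive integer


def is_valid_id(value):
    """Allow-list check that an application-side input filter could apply to 'id'."""
    return VALID_ID.fullmatch(value) is not None


def suspicious_requests(log_text):
    """Return (client, decoded id, status, size) for com_hotbrackets hits with a non-integer id."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status, size = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_hotbrackets" not in params.get("option", []):
            continue
        for value in params.get("id", []):
            if not is_valid_id(value):
                hits.append((client, value, int(status), 0 if size == "-" else int(size)))
    return hits


def oracle_clients(hits):
    """Clients whose rejected ids produced differing response sizes (true/false probing)."""
    sizes = {}
    for client, _value, _status, size in hits:
        sizes.setdefault(client, set()).add(size)
    return sorted(c for c, s in sizes.items() if len(s) > 1)
```
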

Exploit-DB raw data:

<------------------- header data start ------------------- >

#############################################################
#       Joomla Component com_hotbrackets Blind SQL injection Vulnerability
#############################################################

# author        : Fl0riX

# Name           : com_hotbrackets

# Bug Type       : Blind SQL Injection

# Infection      : Admin login credentials can be obtained.

# Demo Vuln.     :
TRUE(+)
» http://server/index.php?option=com_hotbrackets&id=1 and 1=1
FALSE(-)
» http://server/index.php?option=com_hotbrackets&id=1 and 1=0

# Bug Fix Advice : Malicious characters should be filtered.

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

path/index.php?option=com_hotbrackets&id=[Blind]

< -- bug code end of -- >