header-logo
Suggest Exploit
vendor:
Online News Paper Manager
by:
Don Tukulesto
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Online News Paper Manager
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla com_jnewspaper (cid) SQL Injection Vulnerability

A SQL Injection vulnerability exists in Joomla com_jnewspaper (cid) which allows an attacker to inject malicious SQL queries via the 'cid' parameter. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can be used to bypass authentication, access, modify and delete data in the back-end database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize all user input data before using it in an SQL query.
Source

Exploit-DB raw data:

/**************************************************************************

[!] Joomla com_jnewspaper (cid) SQL Injection Vulnerability
[!] Author	: Don Tukulesto (root@indonesiancoder.com)
[!] Homepage	: http://indonesiancoder.com
[!] Date	: Tue, April 20, 2010
[!] Tune in	: http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[>] Vendor : http://emultisoft.net
[>] Download : http://emultisoft.net/View-document-details/3-Online-News-Paper-Manager.html
[>] Name : Online News Paper Manager
[>] Version : 
[>] License : GPL
[>] Type : Non-Commercial
[>] Method : SQL Injection

========================================================

[ Proof of Concept ]

http://server/path/index.php?option=com_jnewspaper&cid=31337

========================================================

[ Cheers ]

[>] Indonesian Coder Team - AntiSecurity - ServerIsDown - SurabayaHackerLink
[>] My brother M364TR0N - kaMtiEz - Gonzhack - El N4ck0 - ibl13Z - arianom - YaDoY666 - ./Jack-
[>] neng elv1n4 - xshadow - SAINT - Cyb3r_tr0n - M3NW5 - Pathloader - Mboys - Contrex - amxku - inj3ct0r
[>] xnitro @xtremenitro.org - DraCoola - r3m1ck - Senot - ran - CherCut - Ghambass - CyberSector 31
[>] James Brown & Todd @packetstormsecurity.org - Maksymilian & sp3x @securityreason.com

[ Notes ]

[>] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM

Navigation

Suggest Exploit

Services By CQR