Joomla Component com_zina SQL Injection Vulnerability

vendor:

Zina

by:

Th3 RDX

N/A

CVSS

N/A

SQL Injection

CWE

Product Name: Zina

Affected Version From: 2.x

Affected Version To: 2.x

Patch Exists: Yes

Related CWE: N/A

CPE: a:pancake:zina

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2010

Joomla Component com_zina SQL Injection Vulnerability

A SQL injection vulnerability exists in the Joomla component com_zina, which allows an attacker to inject malicious SQL queries via the 'zina[search]' parameter. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Mitigation:

Upgrade to the latest version of the component.

Source

Exploit-DB raw data:

# Exploit Title: Joomla Component com_zina SQL Injection Vulnerability
# Date: 21-08-2010
# Author: Th3 RDX
# Software Link:http://www.pancake.org/zina/
# Version:  2.x
# Tested on: Demo Site
# category: webapp
# Code : n/a
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                                   I Love Faith :)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    L0v3 To: R00T, R45c4l, Agent: 1c3c0ld, Big Kid, Lucky
(Indishell.in)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Big Hugs to >:D< : Br0wn Sug4r, Sid3^effects, L0rd CruSad3r, Sonic ,
r0073r(inj3ct0r.com)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
       Gr33tz to ### Team I.C.A | www.IndiShell.in | Team I.C.W ###
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

##############################################################################
%//

----- [ Founder ] -----

        Th3 RDX

----- [ E - mail ] -----

    th3rdx@gmail.com


                                                        %\\
##############################################################################

##############################################################################
%//

----- [Title] -----

Joomla Component com_zina SQL Injection Vulnerability

----- [ Vendor ] -----

http://www.pancake.org/zina/
                                                        %\\
##############################################################################

##############################################################################
%//

----- [ Injection (s) ] -----

----- [ SQL Injection ] -----

Put [BSQLi CODE]

[Link] http://joomla/index.php?option=com_zina&view=zina&Itemid=9[SQLi CODE]



                                                        %\\
##############################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=> PROUD TO BE AN INDIAN

=> c0d3 for motherland, h4ck for motherland

==> i'm little more than useless <==
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.

Bug discovered : 21 August 2010

finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

#End 0Day#