Joomla com_bt_media - SQL Injection

vendor:

com_bt_media

by:

Mojtaba MobhaM

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: com_bt_media

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:joomla:joomla

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Win

2016

Joomla com_bt_media – SQL Injection

Joomla com_bt_media is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable parameter 'categories[0]'. This can allow the attacker to gain access to sensitive information from the database.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

######################
# Exploit Title : Joomla com_bt_media - SQL Injection
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://extensions.joomla.org/extension/bt-media-gallery
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 1.0
# Date: 2016/06/19
######################
#
# PoC:
 
# categories[0]= Parameter Vulnerable To SQL
 
# Demo :
 
# http://server/index.php?option=com_bt_media&view=list&categories[0]=%277&Itemid=134

 
# Please Free Yaser Ebrahimi
 
######################
# Discovered by : Mojtaba MobhaM 
# Greetz : T3NZOG4N & FireKernel & Masood Ostad & Dr.Koorangi &  Milad Hacking & JOK3R And All Persian Hack Team Members
# Homepage : persian-team.ir
######################