Vendor: Com_rokmodule
By: Yarolinux
CVSS: 8,8 (HIGH)
CWE: 89 (Blind SQLi)
Product Name: Com_rokmodule
Affected Version From: Joomla 1.7
Affected Version To: Joomla 1.7
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux Backtrack
2012
Joomla Component RokModule Blind SQLi [module] Vulnerability
This vulnerability allows an attacker to inject malicious SQL into queries run by the vulnerable application. The attacker can use it to gain access to sensitive information stored in the database, such as usernames and passwords. The exploit is triggered by sending a specially crafted HTTP request to the vulnerable application; the SQL carried in the request is incorporated into the application's query and executed by the database server.
Mitigation:
The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL queries. Additionally, it is recommended to use parameterized queries instead of dynamic SQL queries.