header-logo
Suggest Exploit
vendor:
Joomla
by:
g3mbeLz_YCL
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Joomla
Affected Version From: Joomla 1.5.x
Affected Version To: Joomla 1.5.x
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

X.P.L

The vulnerability exists due to insufficient filtration of user-supplied data passed via the 'catid' and 'secid' parameters to the '/index.php' script. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in application's database. This can be exploited to bypass certain security restrictions, disclose sensitive data, modify data, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied data should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

Author     : g3mbeLz_YCL
Site       : www.yogyacarderlink.web.id
Date       : Mei, 09 2011.
Location   : Yogyakarta, Indonesia.
Time Zone  : GMT +6:00
Dork Google: inurl:"com_hello"

[x] X.P.L:
../public_html/index.php?option=com_hello&view=hello&catid=74&secid=[SQLi] <--- Your Skill...!!!


- Shouts & Greetz:
All YOGYACARDERLINK CREW...!!!
I Love You... :-)

[x] Bugs Found By: g3mbeLz_YCL.
We

Navigation

Suggest Exploit

Services By CQR