Joomla com_jmarket SQLi Vulnerability

vendor:

Joomla com_jmarket

by:

Sid3^effects aKa HaRi

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Joomla com_jmarket

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2010

Joomla com_jmarket SQLi Vulnerability

Joomla com_jmarket component is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may aid in further attacks.

Mitigation:

Upgrade to the latest version of Joomla com_jmarket component.

Source

Exploit-DB raw data:

       ============================================
        joomla com_jmarket SQLi Vulnerability
       ============================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : Joomla com_jmarket SQLi Vulnerability
Date : june, 9 2010
Vendor url :http://ijoobi.com
Dork: inurl:com_jmarket
Platform: Windows
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
greetz to :All ICW members.

###############################################################################################################
Description:

Joomla com_jmarket from ijoobi suffers from sql injection vulnerability :).


###############################################################################################################

Xploit: SQLi Vulnerability

DEMO URL :

    http://server/index.php?option=com_jmarket&controller=product&task=[sqli]

###############################################################################################################
# 0day no more
# Sid3^effects