Vendor: Clantools
By: Stephan Sattler
CVSS: 9 (HIGH)
Blind SQL Injection
CWE: 89
Product Name: Clantools
Affected Version From: 1.2.3
Affected Version To: 1.2.3
Patch Exists: YES
Related CWE: N/A
CPE: a:joomla-clantools:clantools
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerability

Joomla Component Clantools version 1.2.3 contains multiple blind SQL injection vulnerabilities, both reachable through 'index.php' when 'option=com_clantools' is requested. The first is in the 'squad' parameter. The second is reached with 'task=clanwar', where the 'showgame' parameter is the injection point shown in the Exploit-DB data below. Successful exploitation of these vulnerabilities can result in unauthorized access to the application and the underlying database.

Mitigation:

Users should upgrade to the latest version of Joomla Component Clantools. Additionally, users should apply the patch provided by the vendor.
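For sites that ran the affected version, web server access logs can be reviewed for requests to this component in which 'squad' or 'showgame' carried anything other than a plain integer. The following is an added example, not code from the vendor or the advisory author; it assumes a common/combined-format access log and that both parameters are numeric IDs, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: both parameters named in the advisory are plain numeric IDs
# (the page's URLs show squad=1 and showgame=1).
NUMERIC_PARAMS = ("squad", "showgame")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
INT_RE = re.compile(r"[0-9]{1,10}")

# Constructed sample log (documentation IPs); the non-numeric value is the
# page's own "[Blind SQL]" placeholder, URL-encoded.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Sep/2010:10:00:01 +0000] "GET /joomlapath/index.php?option=com_clantools&squad=1 HTTP/1.1" 200 5123',
    '192.0.2.44 - - [05/Sep/2010:10:00:07 +0000] "GET /joomlapath/index.php?option=com_clantools&squad=1+%5BBlind+SQL%5D HTTP/1.1" 200 5123',
    '192.0.2.44 - - [05/Sep/2010:10:00:09 +0000] "GET /joomlapath/index.php?option=com_clantools&task=clanwar&showgame=1&showgame=1+%5BBlind+SQL%5D&Itemid=999 HTTP/1.1" 200 4980',
    '192.0.2.10 - - [05/Sep/2010:10:01:00 +0000] "GET /joomlapath/index.php?option=com_content&squad=abc HTTP/1.1" 200 100',
]

def suspicious_params(request_target):
    """Return [(param, decoded_value)] for com_clantools requests whose
    numeric parameters carry anything other than a plain integer."""
    params = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    if "com_clantools" not in [v.lower() for v in params.get("option", [])]:
        return []  # other components are out of scope for this check
    hits = []
    for name in NUMERIC_PARAMS:
        # Check every occurrence: a repeated parameter can hide behind a clean first value.
        for value in params.get(name, []):
            if not INT_RE.fullmatch(value):
                hits.append((name, value))
    return hits

def scan(log_lines):
    """Return [(line_number, hits)] for access-log lines that need review."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                findings.append((line_no, hits))
    return findings

if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE_LOG):
        print(line_no, hits)
```

The same integer-only rule is the input validation the two parameters should receive on the server side; blind injection leaves normal-looking 200 responses, so the parameter value is the signal, not the status code.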

Exploit-DB raw data:

# Exploit Title: Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerability
# Date: 05.09.2010
# Author: Stephan Sattler // Solidmedia
# Software Link: http://www.joomla-clantools.de/downloads/doc_download/7-clantools-123.html
# Version: 1.2.3


[ Vulnerability 1 ]

http://www.site.com/joomlapath/index.php?option=com_clantools&squad=1+[Blind SQL]

[ Vulnerability 2 ]

http://www.site.com/joomlapath/index.php?option=com_clantools&task=clanwar&showgame=1+[Blind SQL]&Itemid=999

#Vulnerability was already reported, have a look at http://www.joomla-clantools.de to get a patch