Vendor: Joomla JE Story submit
By: L0rd CrusAd3r
CVSS: 8,8 HIGH
SQLi Vulnerability
CWE: 89
Product Name: Joomla JE Story submit
Affected Version From: 1.4
Affected Version To: 1.4
Patch Exists: Yes
Related CWE: N/A
CPE: a:joomlaextensions:joomla_je_story_submit
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Joomla JE Story submit SQL Injection

A SQL injection vulnerability exists in Joomla JE Story submit component version 1.4. The vulnerability allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input in the 'view' parameter of the 'component/jesubmit/' URL. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable system. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information, modification of data, and other malicious activities.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version of Joomla JE Story submit component.
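
Until the update is applied, web-server access logs can be reviewed for requests to `component/jesubmit/` whose `view` parameter is anything other than a plain view name. The Python below is an added example, not part of the original advisory or of the component's code; the log lines, the view name `jesubmit` and the allow-list pattern for a legitimate view name are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2020:10:01:22 +0000] "GET /component/jesubmit/?view=jesubmit HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2020:10:02:03 +0000] "GET /component/jesubmit/?view=jesubmit%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.4 - - [12/Mar/2020:10:02:41 +0000] "GET /component/jesubmit/?view=1%20OR%201%3D1 HTTP/1.1" 200 5120 "-" "curl/7.68.0"
203.0.113.4 - - [12/Mar/2020:10:03:00 +0000] "GET /component/content/?view=article%27 HTTP/1.1" 200 900 "-" "curl/7.68.0"
198.51.100.7 - - [12/Mar/2020:10:04:10 +0000] "POST /component/jesubmit/?view=jesubmit&Itemid=5 HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: a legitimate view name is a plain identifier token.
SAFE_VIEW_RE = re.compile(r"[A-Za-z0-9._-]+")
COMPONENT_PATH = "/component/jesubmit"  # path taken from the advisory's URL


def suspicious_view_requests(log_text):
    """Return (ip, status, decoded_view) for jesubmit requests whose 'view' is not a plain token."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        try:
            url = urlsplit(m["target"])
        except ValueError:
            continue  # malformed request target
        if COMPONENT_PATH not in unquote(url.path).lower():
            continue  # a different component
        # parse_qsl percent-decodes once, so encoded quotes and spaces are checked in clear;
        # a double-encoded value still contains '%' and fails the allow-list as well.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == "view" and not SAFE_VIEW_RE.fullmatch(value):
                findings.append((m["ip"], int(m["status"]), value))
    return findings


if __name__ == "__main__":
    for ip, status, view in suspicious_view_requests(SAMPLE_LOG):
        print(f"{ip} status={status} view={view!r}")
```

A flagged request that returned a 500 status is worth correlating with the database error log for the same timestamp.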
Source

Exploit-DB raw data:

Exploit Title: Joomla JE Story submit SQL Injection
Vendor url: http://joomlaextensions.co.in
Version: 1.4
Greetz to: r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team, Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:
100% MVC structure follow. User can add your stories in joomla article.

Front end:

User can add stories. Admin and users get mail after user adds the story. Admin approves, then it shows up in front-end. CAPTCHA code feature is available in front end side. User can upload images.

Back end:

Admin can configure the section, category and email address.
For Joomla Version: Joomla 1.5. Login here for free download.
Also admin can select the category and section whatever they want. Select section functionality using Ajax.
Admin email format also user email format setting from back-end. Easy to make or change email format using wysing editor.
Admin can disable and enable the category/section selection option.

Support the Joomla 1.5.


Features:-
- Admin can configure the section, category and email address.
- Easy to make or change email format using wysing editor in the back end.
- User can add story. Admin and users get mail after user adds the story.
- Putting the CAPTCHA code for security.
- User can upload images from front end.
- Admin approves, then it shows up in front-end.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://www.example.com/component/jesubmit/?view=[sqli]


# 0day n0 m0re #
# L0rd CrusAd3r #