Joomla JGen Component (com_jgen) SQL-i Vulnerability

vendor:

JGen

by:

RoAd_KiLlEr

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: JGen

Affected Version From: 0.9.33

Affected Version To: 0.9.80

Patch Exists: Unknown

Related CWE: N/A

CPE: a:jgen_database:jgen

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Win Xp Sp 2/3

Unknown

Joomla JGen Component (com_jgen) SQL-i Vulnerability

JGen is a genealogy database component for the Joomla content management system. It allows easy registration of individuals in your family tree, the links between them, sources where information was found, images and documents etc. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the URL.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

[+]Title                Joomla JGen Component  (com_jgen)  SQL-i Vulnerability
[+]Author          **RoAd_KiLlEr**
[+]Contact        RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on     Win Xp Sp 2/3
---------------------------------------------------------------------------

[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
[~] Home: http://inj3ct0r.com/author/2447  
[~] Download App:http://sourceforge.net/projects/jgen-database/files/jgen-database/JGen_0.9.80/JGen_0.9.80.zip/download
[~] Version:   0.9.33 
[~] Vendor: http://sourceforge.net/projects/jgen-database/
==========ExPl0iT3d by **RoAd_KiLlEr**==========

[+]Description:
JGen is a genealogy database component for the Joomla content management system. It allows easy registration of individuals in your family tree, the links between them, sources where information was found, images and documents etc
=========================================

[+] Dork: inurl:"com_jgen"

==========================================


[+].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+

[Exploit]:  http://127.0.0.1/Joomla Path/index.php?option=com_jgen&task=view&id=[SQL Injection] 



===========================================================================================
[!] Albanian Hacking Crew           
===========================================================================================
[!] **RoAd_KiLlEr**   Says: Im BacK for More,so better Watch Out :P...I missed all of ya :)
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | DarKHackeR. | The|DennY` | EaglE EyE | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
===========================================================================================
[!] Spec Th4nks:  r0073r  | indoushka from Dz-Ghost Team  | MaFFiTeRRoR | All  Inj3ct0r 31337 Members | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================