CVE-2008-6883

com_livechat 1.0 - SQL Injection via last parameter to getChatRoom.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6883. PoCs published by jdc.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in Joomla Live Chat component, specifically in 'getChat.php' and 'getSavedChatRooms.php' where the 'last' parameter is unsanitized. It also highlights an open proxy vulnerability in 'xmlhttp.php'.

Description

SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by jdc · textwebappsphp

https://www.exploit-db.com/exploits/7441

View Code ZIP pw:eip

The exploit demonstrates SQL injection vulnerabilities in Joomla Live Chat component, specifically in 'getChat.php' and 'getSavedChatRooms.php' where the 'last' parameter is unsanitized. It also highlights an open proxy vulnerability in 'xmlhttp.php'.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla Live Chat component

No auth needed

Prerequisites: Access to the vulnerable Joomla Live Chat component

MITRE ATT&CK