CVE-2010-5056

GBU Facebook (com_gbufacebook) 1.0.5 - SQL Injection via face_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-5056. PoCs published by kaMtiEz.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the Joomla component GBU Facebook (version 1.0.5 or lower). The PoC provides a crafted URL with a SQL payload to extract user credentials from the database.

Description

SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by kaMtiEz · textwebappsphp

https://www.exploit-db.com/exploits/12299

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in the Joomla component GBU Facebook (version 1.0.5 or lower). The PoC provides a crafted URL with a SQL payload to extract user credentials from the database.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla GBU Facebook component 1.0.5 or lower

No auth needed

Prerequisites: Joomla installation with vulnerable GBU Facebook component · Access to the vulnerable URL path

MITRE ATT&CK