CVE-2012-1116

Joomla! 1.7.x and 2.5.x < 2.5.2 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1116. PoCs published by Colin Wong.

AI-analyzed exploit summary This Perl script exploits a time-based SQL injection vulnerability in Joomla! versions prior to 2.5.1. It uses the `sleep()` function to infer data from the database, including database names, table structures, and sensitive information like admin passwords or file contents.

Description

SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Colin Wong · perlwebappsphp

https://www.exploit-db.com/exploits/36913

View Code ZIP pw:eip

This Perl script exploits a time-based SQL injection vulnerability in Joomla! versions prior to 2.5.1. It uses the `sleep()` function to infer data from the database, including database names, table structures, and sensitive information like admin passwords or file contents.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Joomla! < 2.5.1

No auth needed

Prerequisites: Target URL must be accessible · SQL injection vulnerability must be present in the target Joomla! installation

MITRE ATT&CK