Injection: Joomla departments - SQL Injection¶

Identifier: joomla_department_sqli

Scanner(s) Support¶

Description¶

Joomla! com_departments parameter contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.

Reference:

• https://github.com/opensec-cn/kunpeng/blob/master/plugin/json/joomla_departments_sqli.json
• https://github.com/w3bd0gs/cocoworker/blob/master/plugins/beebeeto/poc_2014_0170.py

Configuration¶

Example¶

Example configuration:

---
security_tests:
  joomla_department_sqli:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

assets_allowed¶

Type : List[AssetType]*

List of assets that this check will cover.

skip¶

Type : boolean

Skip the test if true.