[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>, "bugtraq@xxxxxxxxxxxxxxxxx" <bugtraq@xxxxxxxxxxxxxxxxx>, "bugs@xxxxxxxxxxxxxxxxxxx" <bugs@xxxxxxxxxxxxxxxxxxx>, "vuln@xxxxxxxxxxx" <vuln@xxxxxxxxxxx>, "secalert@xxxxxxxxxxxxxxxxxx" <secalert@xxxxxxxxxxxxxxxxxx>, "news@xxxxxxxxxxxxxx" <news@xxxxxxxxxxxxxx>, "vuln@xxxxxxxxxxxxxxxx" <vuln@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
Date: Sun, 31 Oct 2010 20:34:39 +0000

According to your site, you want "to entice young Burmese people into ethical 
hacking" and "raise students' interest in security/hacking in an ethical 
manner," yet you "disclosed these flaws in order for someone who can exploit 
these flaws to the next maximum level"? 

Douche. 

t



-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of YGN Ethical 
Hacker Group
Sent: Sunday, October 31, 2010 12:19 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx; 
bugs@xxxxxxxxxxxxxxxxxxx; vuln@xxxxxxxxxxx; secalert@xxxxxxxxxxxxxxxxxx; 
news@xxxxxxxxxxxxxx; vuln@xxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws

1. VULNERABILITY DESCRIPTION


Potential SQL Injection Flaws were detected Joomla! CMS version 1.5.20. These 
flaws were reported along with our Cross Scripting Flaw which was fixed in 
1.5.21. Developers believed that our reported SQL Injection flaws are not fully 
exploitable because of Joomla! built-in string filters and were not fixed in 
1.5.21 which is currently the latest version.

As a result, we disclosed these flaws  in order for someone who can exploit 
these flaws to the next maximum level.


2. PROOF-OF-CONCEPT/EXPLOIT

http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg
http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg
http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg


3. DISCLOSURE TIME-LINE


2010-10-06  : Notified Joomla! Security Strike Team
2010-11-01  : Vulnerability disclosed


4. VENDOR

Joomla! Developer Team
http://www.joomla.org
http://www.joomla.org/download.html

________________________________________________________

# YGN Ethical Hacker Group
# http://yehg.net
# 2010-11-1

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
  - From: Thor (Hammer of God)
- Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
  - From: YGN Ethical Hacker Group

References:
- [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
  - From: YGN Ethical Hacker Group

Prev by Date: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
Next by Date: Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
Previous by thread: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
Next by thread: Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
Index(es):
- Date
- Thread