[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws

P.S.  You don't sanitize input on your "Subscribe for Updates" post before 
sending it to Feedburner.   You know, the one located in 
"http://yehg.net/lab/#home"; across from your "XSS attack demo on Joomla!" log 
update.  
It's trivial to generate "Trouble at the mill! FeedBurner encountered some kind 
of error performing the task or displaying the page you requested. Fear not, 
this event has notified the appropriate people within FeedBurner and we will 
have this all ironed out soon."

I'm  sure there are people on the list here that can help you with that.

t



-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Thor (Hammer of 
God)
Sent: Sunday, October 31, 2010 1:35 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx; 
bugs@xxxxxxxxxxxxxxxxxxx; vuln@xxxxxxxxxxx; secalert@xxxxxxxxxxxxxxxxxx; 
news@xxxxxxxxxxxxxx; vuln@xxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws

According to your site, you want "to entice young Burmese people into ethical 
hacking" and "raise students' interest in security/hacking in an ethical 
manner," yet you "disclosed these flaws in order for someone who can exploit 
these flaws to the next maximum level"? 

Douche. 

t



-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of YGN Ethical 
Hacker Group
Sent: Sunday, October 31, 2010 12:19 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx; 
bugs@xxxxxxxxxxxxxxxxxxx; vuln@xxxxxxxxxxx; secalert@xxxxxxxxxxxxxxxxxx; 
news@xxxxxxxxxxxxxx; vuln@xxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws

1. VULNERABILITY DESCRIPTION


Potential SQL Injection Flaws were detected Joomla! CMS version 1.5.20. These 
flaws were reported along with our Cross Scripting Flaw which was fixed in 
1.5.21. Developers believed that our reported SQL Injection flaws are not fully 
exploitable because of Joomla! built-in string filters and were not fixed in 
1.5.21 which is currently the latest version.

As a result, we disclosed these flaws  in order for someone who can exploit 
these flaws to the next maximum level.


2. PROOF-OF-CONCEPT/EXPLOIT

http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg
http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg
http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg


3. DISCLOSURE TIME-LINE


2010-10-06  : Notified Joomla! Security Strike Team
2010-11-01  : Vulnerability disclosed


4. VENDOR

Joomla! Developer Team
http://www.joomla.org
http://www.joomla.org/download.html

________________________________________________________

# YGN Ethical Hacker Group
# http://yehg.net
# 2010-11-1

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/ 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/