| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Nov 2010 11:36:21 +0200 From: Henri Salo <henri@...v.fi> To: YGN Ethical Hacker Group <lists@...g.net>, security@...mla.org Cc: vuln@...urity.nnov.ru, vuln@...unia.com, news@...uriteam.com, secalert@...urityreason.com, bugs@...uritytracker.com, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, manu ^^ <manu.kum@...il.com> Subject: Re: Joomla 1.5.21 | Potential SQL Injection Flaws -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 5 Nov 2010 21:41:42 +0800 YGN Ethical Hacker Group <lists@...g.net> wrote: > This public disclosure has achieved its aim. > > Joomla! Team finally patched this hole. > > > http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html > > Upgrade to the latest Joomla! version (1.5.22 or later). > > > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> > > > 1. VULNERABILITY DESCRIPTION > > > Potential SQL Injection Flaws were detected Joomla! CMS version > 1.5.20. These flaws were reported along with our Cross Scripting Flaw > which was fixed in 1.5.21. Developers believed that our reported SQL > Injection flaws are not fully exploitable because of Joomla! built-in > string filters and were not fixed in 1.5.21 which is currently the > latest version. > > > 2. PROOF-OF-CONCEPT/EXPLOIT > > http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg > http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg > http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg > > > 3. DISCLOSURE TIME-LINE > > > 2010-10-06 : Notified Joomla! Security Strike Team > 2010-11-01 : Vulnerability disclosed > 2010-11-05 : Patched version (1.5.22) released > > 4. VENDOR > > Joomla! Developer Team > http://www.joomla.org > http://www.joomla.org/download.html CVE-2010-4166 can be used when dealing with this issue. Best regards, Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkzeXBUACgkQXf6hBi6kbk8fRwCgkvUjPDeZkL1DbwVjHGqfHGV8 oWkAoJ6y34brWQW+S0gEZ8McY0eOye5w =yn83 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists