Date: Sat, 12 Nov 2011 04:09:12 +0100
From: Christian Sciberras <uuf6429@...il.com>
To: "research@...nerability-lab.com" <research@...nerability-lab.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Joomla Component (com_content) - Blind SQL
 Injection Vulnerability

Which version is this?



On Sat, Nov 12, 2011 at 12:35 AM, research@...nerability-lab.com <
research@...nerability-lab.com> wrote:

> Title:
> ======
> Joomla Component (com_content) -  Blind SQL Injection Vulnerability
>
>
> Date:
> =====
> 2011-11-11
>
>
> References:
> ===========
> http://www.vulnerability-lab.com/get_content.php?id=323
>
>
> VL-ID:
> =====
> 323
>
>
> Introduction:
> =============
> Joomla is a free and open source content management system (CMS) for
> publishing content on
> the World Wide Web and intranets and a model–view–controller (MVC) Web
> application framework
> that can also be used independently.
> Joomla is written in PHP, uses object-oriented programming (OOP)
> techniques and software design
> patterns[citation needed], stores data in a MySQL database, and includes
> features such as page
> caching, RSS feeds, printable versions of pages, news flashes, blogs,
> polls, search, and support
> for language internationalization.
> Joomla had been downloaded 23 million times. Between March 2007 and
> February 2011 there had been
> more than 21 million downloads. There are over 7,400 free and commercial
> extensions available
> from the official Joomla! Extension Directory and more available from
> other sources
>
> (Copy of the Vendor Website: http://en.wikipedia.org/wiki/Joomla!)
>
>
> Abstract:
> =========
> A vulnerability laboratory researcher discovered a Blind SQL Injection
> vulnerability on the com_content component of the Joomla CMS.
>
>
> Status:
> ========
> Published
>
>
> Exploitation-Technique:
> =======================
> Remote
>
>
> Severity:
> =========
> Critical
>
>
> Details:
> ========
> A blind SQL Injection vulnerability was detected on the com_content
> component of the Joomla CMS.
> The vulnerability allows an attacker (remote) to inject/execute their own SQL
> statements on the affected application dbms.
> Successful exploitation of the vulnerability can result in compromise of
> the affected application dbms.
>
> Vulnerable Module(s):
>                                                          [+] com_content
>
>
> Proof of Concept:
> =================
> The vulnerability can be exploited by remote attackers. For demonstration
> or reproduce ...
>
> 1: [Site]/joomla/index.php?option=com_content&view=archive&year=1 [BSQLI]
>
> 2: [Site]/joomla/index.php?option=com_content&view=archive&year=-1 or 1=1--
>
> 3: [Site]/joomla/index.php?option=com_content&view=archive&year=-1 or 1=0--
>
>
> [x] Demo :
>
> http://www.paul.house.gov/index.php?option=com_content&view=archive&year=-1or 1=0--
>
>
> Risk:
> =====
> The security risk of the blind SQL injection vulnerability is estimated as
> critical.
>
>
> Credits:
> ========
> E.Shahmohamadi  (IRAN)
>
>
> Disclaimer:
> ===========
> The information provided in this advisory is provided as it is without any
> warranty. Vulnerability-Lab disclaims all warranties,
> either expressed or implied, including the warranties of merchantability
> and capability for a particular purpose. Vulnerability-
> Lab or its suppliers are not liable in any case of damage, including
> direct, indirect, incidental, consequential loss of business
> profits or special damages, even if Vulnerability-Lab or its suppliers
> have been advised of the possibility of such damages. Some
> states do not allow the exclusion or limitation of liability for
> consequential or incidental damages so the foregoing limitation
> may not apply. Any modified copy or reproduction, including partially
> usages, of this file requires authorization from Vulnerability-
> Lab. Permission to electronically redistribute this alert in its
> unmodified form is granted. All other rights, including the use of
> other media, are reserved by Vulnerability-Lab or its suppliers.
>
>                                                Copyright ©
> 2011|Vulnerability-Lab
>
> --
> Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
> Contact: admin@...nerability-lab.com or support@...nerability-lab.com
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
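
Added example, not part of the original message or the quoted advisory: a log check a site operator could run to find requests to the com_content archive view whose `year` parameter is not a plain integer, and to pick out clients whose differing malformed values drew different response sizes (the true/false pattern shown in the advisory's proof of concept). The combined log format, the constructed sample lines, and the function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs are documentation addresses.
SAMPLE_LOG = '''\
192.0.2.10 - - [12/Nov/2011:04:01:00 +0100] "GET /joomla/index.php?option=com_content&view=archive&year=2010 HTTP/1.1" 200 5120
198.51.100.7 - - [12/Nov/2011:04:02:10 +0100] "GET /joomla/index.php?option=com_content&view=archive&year=-1%20or%201=1-- HTTP/1.1" 200 9874
198.51.100.7 - - [12/Nov/2011:04:02:11 +0100] "GET /joomla/index.php?option=com_content&view=archive&year=-1%20or%201=0-- HTTP/1.1" 200 2210
203.0.113.5 - - [12/Nov/2011:04:03:00 +0100] "GET /joomla/index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 4000
'''

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)')
YEAR_RE = re.compile(r'\d{1,4}')  # assumption: the archive filter only needs a plain year


def suspicious_year_requests(log_text):
    """Return (client, year_value, status, size) for com_content archive
    requests whose decoded 'year' parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status, size = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if params.get("option") != ["com_content"] or params.get("view") != ["archive"]:
            continue
        for value in params.get("year", []):
            if not YEAR_RE.fullmatch(value):
                hits.append((client, value, int(status), 0 if size == "-" else int(size)))
    return hits


def boolean_probe_clients(hits):
    """Clients that sent more than one distinct malformed 'year' value and
    received different response sizes: consistent with true/false probing."""
    seen = defaultdict(set)
    for client, value, _status, size in hits:
        seen[client].add((value, size))
    return sorted(c for c, pairs in seen.items()
                  if len({v for v, _ in pairs}) > 1 and len({s for _, s in pairs}) > 1)
```

The same integer-only rule applied to `year` before it reaches the query is the corresponding server-side control.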
