On Fri, 5 Nov 2010 21:41:42 +0800 YGN Ethical Hacker Group <[email protected]> wrote:

> This public disclosure has achieved its aim.
>
> Joomla! Team finally patched this hole.
>
> http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
>
> Upgrade to the latest Joomla! version (1.5.22 or later).
>
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
> 1. VULNERABILITY DESCRIPTION
>
> Potential SQL Injection Flaws were detected in Joomla! CMS version
> 1.5.20. These flaws were reported along with our Cross Scripting Flaw
> which was fixed in 1.5.21. Developers believed that our reported SQL
> Injection flaws are not fully exploitable because of Joomla! built-in
> string filters and were not fixed in 1.5.21 which is currently the
> latest version.
>
> 2. PROOF-OF-CONCEPT/EXPLOIT
>
> http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg
> http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg
> http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg
>
> 3. DISCLOSURE TIME-LINE
>
> 2010-10-06 : Notified Joomla! Security Strike Team
> 2010-11-01 : Vulnerability disclosed
> 2010-11-05 : Patched version (1.5.22) released
>
> 4. VENDOR
>
> Joomla! Developer Team
> http://www.joomla.org
> http://www.joomla.org/download.html

CVE-2010-4166 can be used when dealing with this issue.

Best regards,
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
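
The quoted advisory says the flaws were first judged not fully exploitable because of Joomla!'s built-in string filters. The PHP below is an added example, not Joomla! code and not part of the advisory: it shows allowlist validation for the two parameters named in the screenshot URLs, assuming they select a sort column and a sort direction. The helper `build_order_by` and the column names are hypothetical.

```php
<?php
// Added example; not Joomla! code. Column names below are hypothetical.

/**
 * Build an ORDER BY clause from the request parameters named in the advisory
 * (filter_order, filter_order_Dir). Identifiers and keywords cannot be bound
 * as query parameters, and quote escaping does not constrain a value that is
 * placed outside quotes, so only allowlisted values are accepted.
 */
function build_order_by(array $request, array $allowedColumns, string $defaultColumn): string
{
    $column = $request['filter_order'] ?? $defaultColumn;
    if (!is_string($column) || !in_array($column, $allowedColumns, true)) {
        $column = $defaultColumn;          // unknown or non-string: fall back
    }

    $dir = $request['filter_order_Dir'] ?? 'ASC';
    $dir = is_string($dir) ? strtoupper($dir) : 'ASC';
    if ($dir !== 'ASC' && $dir !== 'DESC') {
        $dir = 'ASC';                      // anything but the two keywords: fall back
    }

    return ' ORDER BY ' . $column . ' ' . $dir;
}

// Hypothetical sortable columns for one list view.
$allowed = ['a.title', 'a.created', 'a.hits'];

// Constructed sample requests (not taken from the advisory).
$samples = [
    ['filter_order' => 'a.hits',    'filter_order_Dir' => 'desc'],
    ['filter_order' => 'a.hits, 1', 'filter_order_Dir' => 'ASC'],
    ['filter_order' => 'a.title',   'filter_order_Dir' => 'sideways'],
    ['filter_order' => ['a.title'], 'filter_order_Dir' => 'DESC'],
    [],
];

foreach ($samples as $request) {
    echo json_encode($request), ' =>', build_order_by($request, $allowed, 'a.title'), PHP_EOL;
}

// A string filter that only escapes quotes leaves an unquoted value untouched:
var_dump(addslashes('a.hits, 1') === 'a.hits, 1');   // bool(true)
```

Only the first sample keeps its requested column and direction; the others fall back to the default column or to `ASC`.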
