Which version is this?
On Sat, Nov 12, 2011 at 12:35 AM, [email protected] < [email protected]> wrote: > Title: > ====== > Joomla Component (com_content) - Blind SQL Injection Vulnerability > > > Date: > ===== > 2011-11-11 > > > References: > =========== > http://www.vulnerability-lab.com/get_content.php?id=323 > > > VL-ID: > ===== > 323 > > > Introduction: > ============= > Joomla is a free and open source content management system (CMS) for > publishing content on > the World Wide Web and intranets and a model–view–controller (MVC) Web > application framework > that can also be used independently. > Joomla is written in PHP, uses object-oriented programming (OOP) > techniques and software design > patterns[citation needed], stores data in a MySQL database, and includes > features such as page > caching, RSS feeds, printable versions of pages, news flashes, blogs, > polls, search, and support > for language internationalization. > Joomla had been downloaded 23 million times. Between March 2007 and > February 2011 there had been > more than 21 million downloads. There are over 7,400 free and commercial > extensions available > from the official Joomla! Extension Directory and more available from > other sources > > (Copy of the Vendor Website: http://en.wikipedia.org/wiki/Joomla!) > > > Abstract: > ========= > A vulnerability laboratory researcher discovered a Blind SQL Injection > vulnerability on the com_content component of the joomla CMS. > > > Status: > ======== > Published > > > Exploitation-Technique: > ======================= > Remote > > > Severity: > ========= > Critical > > > Details: > ======== > A blind SQL Injection vulnerability was detected on the com_content > component of the joomla CMS. > The vulnerability allows an attacker (remote) to inject/execute own sql > statements on the affected application dbms. > Successful exploitation of the vulnerability can result in compromise of > the affected application dbms. > > Vulnerable Module(s): > [+] com_content > > > Proof of Concept: > ================= > The vulnerability can be exploited be remote attackers. For demonstration > or reproduce ... > > 1: [Site]/joomla/index.php?option=com_content&view=archive&year=1 [BSQLI] > > 2: [Site]/joomla/index.php?option=com_content&view=archive&year=-1 or 1=1-- > > 3: [Site]/joomla/index.php?option=com_content&view=archive&year=-1 or 1=0-- > > > [x] Demo : > > http://www.paul.house.gov/index.php?option=com_content&view=archive&year=-1or > 1=0-- > > > Risk: > ===== > The security risk of the blind sql injection vulnerability is estimated as > critical. > > > Credits: > ======== > E.Shahmohamadi (IRAN) > > > Disclaimer: > =========== > The information provided in this advisory is provided as it is without any > warranty. Vulnerability-Lab disclaims all warranties, > either expressed or implied, including the warranties of merchantability > and capability for a particular purpose. Vulnerability- > Lab or its suppliers are not liable in any case of damage, including > direct, indirect, incidental, consequential loss of business > profits or special damages, even if Vulnerability-Lab or its suppliers > have been advised of the possibility of such damages. Some > states do not allow the exclusion or limitation of liability for > consequential or incidental damages so the foregoing limitation > may not apply. Any modified copy or reproduction, including partially > usages, of this file requires authorization from Vulnerability- > Lab. Permission to electronically redistribute this alert in its > unmodified form is granted. All other rights, including the use of > other media, are reserved by Vulnerability-Lab or its suppliers. > > Copyright © > 2011|Vulnerability-Lab > > -- > Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com > Contact: [email protected] or [email protected] > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
