Joomla Component ChronoConnectivity Blind SQL Injection Vulnerability

vendor:

ChronoConnectivity

by:

_mlk_ (Renan)

7,5

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: ChronoConnectivity

Affected Version From:

Affected Version To:

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: all OS

2010

Joomla Component ChronoConnectivity Blind SQL Injection Vulnerability

ChronoConnectivity for Joomla 1.5 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'itemid' in the URL. This can allow the attacker to gain access to the database and potentially gain access to sensitive information.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update to the latest version of the software.

Source

Exploit-DB raw data:

# Exploit Title: Joomla Component ChronoConnectivity
# Date: 01, June 2010
# Author:  _mlk_ (Renan)
# Software Link: http://bugsec.googlecode.com/files/joomla_chronoconnectivity.zip
# Version: 0
# Tested on: all OS
# CVE : 0
# Code : here

Joomla Component ChronoConnectivity (com_chronoconnectivity) - Blind SQL Injection Vulnerability

###################################################################################################################################


   [!] Discovered by : _mlk_ (Renan)

   [!] Teams : c00kies , BugSec , BotecoUnix & c0d3rs

   [!] Homepages :  http://code.google.com/p/bugsec/  <>  http://botecounix.com.br/blog/  <>  http://c0d3rs.wordpress.com/

   [!] Location : Porto Alegre - RS, Brasil
                         (or Brazil)

###################################################################################################################################


      [-] Information

   [?] Script : ChronoConnectivity for Joomla 1.5

   [?] Vendor :  http://www.chronoengine.com/

   [?] Dork/String :  "index.php?option=com_chronoconnectivity" / "com_chronoconnectivity"

   [?] Download : http://www.chronoengine.com/downloads/7-chronoconnectivity.html

   [?] Date :  01, June 2010


###################################################################################################################################


      [*] Example :

         http://localhost/index.php?option=com_chronoconnectivity&itemid=1 [Blind-SQL]
         http://localhost/[PATH]/index.php?option=com_chronoconnectivity&itemid=1 [Blind-SQL]


###################################################################################################################################


    [~] Agradecimentos :

        Deus , Familiares , Amigos e Tricolor Gaúcho (Grêmio) .


###################################################################################################################################