Joomla FireBoard component(com_fireboard) SQL injection and fix-vulnerability warning-the black bar safety net

2012-08-12T00:00:00
ID MYHACK58:62201234588
Type myhack58
Reporter 佚名
Modified 2012-08-12T00:00:00

Description

Effects version 7. 3

Program description

Joomla is a free and open source content management system (CMS) for publishing content on the World

Wide Web and intranets and a model–view–controller (MVC) Web application framework that can also be

used independently.

Joomla is written in PHP, uses object-oriented programming (OOP) techniques and software design

patterns, stores data in a MySQL database, and includes features such as page caching,

RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support for language

internationalization.

(Details see the official homepage: http://en.wikipedia.org/wiki/Joomla)

Risk:

=========

The Laboratory Researcher (Nafsh) Ehram Shahmohamadi (sec-lab. ir) discovered a SQL Injection Vulnerability in

the com_fireboard module of the joomla CMS.

Summary:

========

A SQL Injection vulnerability is detected in the com_fireboard module of the joomla Content Management System.

Remote attackers &low privileged user accounts can execute/inject own sql commands to compromise the application dbms.

The vulnerability is located in the com_fireboard module with the bound vulnerable func fb_ parameter.

Successful exploitation of the vulnerability result in dbms (Server) or application (Web) compromise.

Vulnerable Module(s):

[+] index. php? option=com_fireboard

Vulnerable Parameter(s):

[+] func fb_

Test to prove:

=================

The sql injection vulnerability can be exploited by remote attackers without user inter action & with low

privileged user account. For demonstration or reproduce ...

Dork(s):

inurl:"id=" & intext:"/com_fireboard/"

PoC:

http://www.xxx.com/index.php?option=com_fireboard&Itemid=0&id=1&catid=0&func=fb_pdf'[SQL-INJECTION]

Reference(s):

xxx.com/index.php?option=com_fireboard&Itemid=0&id=1&catid=5&func=fb_pdf'[SQL-INJECTION]

xxx.com/2012/index.php?option=com_fireboard&Itemid=7 9&id=1&catid=2&func=fb_pdf'[SQL-INJECTION]

xxx.com/fireboard/index.php?option=com_fireboard&Itemid=3 8&id=2 2 1 1 1&catid=1 6&func=fb_pdf'[SQL-INJECTION]

xxx.com/board/index.php?option=com_fireboard&Itemid=5 4&id=7 0 1 2 2&catid=1 2&func=fb_pdf'[SQL-INJECTION]

xxx.com/jmfireboard/index.php?option=com_fireboard&Itemid=5 4&id=7 0 1 2 2&catid=1 2&func=fb_pdf'[SQL-INJECTION]

--

VULNERABILITY RESEARCH LABORATORY

LABORATORY RESEARCH TEAM

CONTACT: research@vulnerability-lab.com