Joomla BF Quiz 1.3.0 SQL Injection

2010-05-30T00:00:00
ID PACKETSTORM:90080
Type packetstorm
Reporter Valentin Hoebel
Modified 2010-05-30T00:00:00

Description

                                        
# Exploit Title: Joomla Component BF Quiz SQL Injection Vulnerability  
# Date: 29th May 2010  
# Author: Valentin  
# Category: webapps/0day  
# Version: 1.3.0  
# Tested on: Debian, Apache2, MySQL 5  
# CVE :   
# Code :   
  
  
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]  
>> General Information   
Advisory/Exploit Title = Joomla Component BF Quiz SQL Injection Vulnerability  
Author = Valentin Hoebel  
Contact = valentin@xenuser.org  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]  
>> Product information  
Name = BF Quiz  
Vendor = Tamlyn Creative Pty Ltd  
Vendor Website = http://www.tamlyncreative.com/software/  
Affected Version(s) = 1.3.0  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]  
>> SQL Injection  
Example URI =   
index.php?option=com_bfquiztrial&view=bfquiztrial&catid=[SQL Injection]&Itemid=62  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]  
>> Additional Information  
Advisory/Exploit Published = 29th May 2010  
  
I found this vulnerability while testing my new SQL injection vulnerability scanner.  
(Will be released soon!)  
Actually, I didn't find the vulnerability when I looked at this Joomla component for  
the first time, lol.  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]  
>> Misc  
Greetz && Thanks = inj3ct0r team, Exploit DB and hack0wn!  
Special Greetz = cr4wl3r and /JosS!  
<3 packetstormsecurity.org!  
  
  
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]  
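The advisory names a single injectable parameter (catid on the com_bfquiztrial view, section 0x3) but gives no detection or mitigation guidance. The following is an added example, not code from the advisory or from the BF Quiz component: it assumes Apache combined-format access logs (the sample lines are constructed), flags requests to that component whose catid is anything other than a bare integer, and shows the integer-cast fallback the component should apply server-side.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-log lines (not real traffic): one normal request,
# two with non-numeric catid values, and one request to an unrelated component.
SAMPLE_LOG = """\
10.0.0.5 - - [30/May/2010:10:00:01 +0000] "GET /index.php?option=com_bfquiztrial&view=bfquiztrial&catid=3&Itemid=62 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [30/May/2010:10:00:09 +0000] "GET /index.php?option=com_bfquiztrial&view=bfquiztrial&catid=3%27&Itemid=62 HTTP/1.1" 500 610 "-" "Mozilla/5.0"
10.0.0.9 - - [30/May/2010:10:01:15 +0000] "GET /index.php?option=com_content&view=article&id=12%27 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
10.0.0.7 - - [30/May/2010:10:02:40 +0000] "GET /index.php?option=com_bfquiztrial&view=bfquiztrial&catid=3%2C4&Itemid=62 HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)'
)
# catid is a category id, so a bare digit string is the only valid shape.
INT_RE = re.compile(r'^\d+$')

def parse_request(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def coerce_catid(value, default=0):
    """Server-side mitigation in miniature: accept catid only as a plain digit
    string and fall back to a default for anything else (so "3'" becomes 0)."""
    return int(value) if INT_RE.match(value) else default

def suspicious_catid_requests(log_text):
    """Flag requests to com_bfquiztrial whose catid (after URL decoding) is not
    a bare integer. Every repeated catid= value is checked, so parameter
    pollution cannot hide a bad value behind a good one."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_request(line)
        if rec is None:
            continue
        qs = parse_qs(urlsplit(rec['target']).query, keep_blank_values=True)
        if qs.get('option', [''])[0] != 'com_bfquiztrial':
            continue
        for value in qs.get('catid', []):
            if not INT_RE.match(value):
                findings.append({'ip': rec['ip'], 'ts': rec['ts'],
                                 'status': rec['status'], 'catid': value})
    return findings

if __name__ == '__main__':
    for hit in suspicious_catid_requests(SAMPLE_LOG):
        print(hit)
```

Requests to other components are ignored even when their parameters look odd, so the check stays scoped to the advisory's component; widen the option filter if you want the same integer rule applied elsewhere.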