Lucene search
K

Joomla JE Guestbook 1.0 Local File Inclusion / SQL Injection

🗓️ 30 Sep 2010 00:00:00Reported by Salvatore FrestaType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 25 Views

JE Guestbook 1.0 Joomla Component Vulnerabilities by Salvatore Frest

Code
`JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities  
  
Name JE Guestbook  
Vendor http://www.joomlaextensions.co.in  
Versions Affected 1.0  
  
Author Salvatore Fresta aka Drosophila  
Website http://www.salvatorefresta.net  
Contact salvatorefresta [at] gmail [dot] com  
Date 2010-09-30  
  
X. INDEX  
  
I. ABOUT THE APPLICATION  
II. DESCRIPTION  
III. ANALYSIS  
IV. SAMPLE CODE  
V. FIX  
  
  
I. ABOUT THE APPLICATION  
________________________  
  
JE Guest Component is an open source Joomla guestbook  
component with spam protection and many customization  
options.  
  
  
II. DESCRIPTION  
_______________  
  
Some parameters are not properly sanitised.  
  
  
III. ANALYSIS  
_____________  
  
Summary:  
  
A) Local File Inclusion  
B) Multiple Blind SQL Injection  
  
  
A) Local File Inclusion  
_______________________  
  
Input passed to the "view" parameter in jeguestbook.php  
(when option is set to com_jeguestbook) is not properly  
verified before being used to include files. This can be  
exploited to include arbitrary files from local  
resources via directory traversal attacks and  
URL-encoded NULL bytes.  
  
  
B) Multiple Blind SQL Injection  
_______________________________  
  
Many parameters are not properly sanitised before being  
used in SQL queries.This can be exploited to manipulate  
SQL queries by injecting arbitrary SQL code.  
  
  
IV. SAMPLE CODE  
_______________  
  
A) Local File Inclusion  
  
http://site/path/index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00  
  
  
B) Multiple Blind SQL Injection  
  
http://site/path/index.php?option=com_jeguestbook&view=item_detail&d_itemid=-1 OR (SELECT(IF(0x41=0x41, BENCHMARK(999999999,NULL),NULL)))  
  
  
V. FIX  
______  
  
No fix.  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation