Joomla component com_jinc 0.2 - (newsid) Blind SQL Injection Vulnerability

ID SSV:66918
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.

Joomla component com_jinc (newsid) Blind SQL Injection Vulnerability

Author          : Chip D3 Bi0s
Group           : LatiHackTeam
Email           : chipdebios[alt+64]
Date            : 21 September 2009
Critical Lvl    : Moderate
Impact          : Exposure of sensitive information
Where           : From Remote

Affected software description:

Application     : JINC (Joomla! Integrated Newsletters Component)
Version         : 0.2
Developer       : lhacky
License         : GPL
Type            : Non-Commercial
Date Added      : 2 September 2009
Demo            :

Download        :

Description     :

JINC (Joomla! Integrated Newsletters Component) is an easy-to-use and easy-to-administer newsletter component for Joomla!.
Using JINC, your website users can auto-subscribe to and unsubscribe from the newsletters you define.

JINC includes the classic newsletter features:

* Newsletter, messages and subscription management.
* TAG substitution inside the messages body.
* User auto-registration with welcome message at subscription time.
* Newsletter Disclaimer.
* HTML and plain-text messages.
* Massive or personalized messages.
* Reports on message sending.
* Subscription with user creation "on the fly".
* Message preview to message creator before sending to the newsletter subscribers.


I. Blind SQL injection (newsid) PoC/Exploit:

To reproduce this, you must be a registered user.

[!] Produced in South America

# [2009-09-21]
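Detection example (added here; not part of the original advisory or of the JINC code base): a log check that flags requests to com_jinc whose newsid value is not a plain integer. It assumes a combined-format web access log and that newsid arrives in the query string; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Sep/2009:10:01:02 +0000] "GET /index.php?option=com_jinc&newsid=12 HTTP/1.1" 200 5120
198.51.100.9 - - [21/Sep/2009:10:01:40 +0000] "GET /index.php?option=com_jinc&newsid=12%20AND%201%3D1 HTTP/1.1" 200 5120
198.51.100.9 - - [21/Sep/2009:10:01:41 +0000] "GET /index.php?option=com_jinc&newsid=12%20AND%201%3D2 HTTP/1.1" 200 812
203.0.113.4 - - [21/Sep/2009:10:02:10 +0000] "GET /index.php?option=com_content&id=3 HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
INTEGER_RE = re.compile(r"[0-9]+")  # the only shape a numeric record id should have


def suspicious_newsid_requests(log_text):
    """Return (ip, decoded newsid, status, size) for com_jinc requests
    whose newsid is not a plain decimal integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        # parse_qs URL-decodes values, so %20 and %3D are compared in clear form
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        if "com_jinc" not in params.get("option", []):
            continue
        size = None if m["size"] == "-" else int(m["size"])
        for value in params.get("newsid", []):
            if not INTEGER_RE.fullmatch(value):
                findings.append((m["ip"], value, int(m["status"]), size))
    return findings


if __name__ == "__main__":
    for ip, value, status, size in suspicious_newsid_requests(SAMPLE_LOG):
        print(f"{ip} newsid={value!r} status={status} bytes={size}")
```

Only query-string parameters are visible in an access log; a newsid sent in a POST body needs request-body logging or a WAF rule to be seen. Differing response sizes for near-identical flagged requests from one client are consistent with blind probing.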