

Joomla FireBoard component (com_fireboard) SQL injection and fix - Website

Title: Joomla com_fireboard - SQL Injection Vulnerability
Affected version: 7.3

Program description
===================
Joomla is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets, and a model–view–controller (MVC) web application framework that can also be used independently.

Joomla is written in PHP, uses object-oriented programming (OOP) techniques and software design patterns, stores data in a MySQL database, and includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support for language internationalization.

(For details see the official page: http://en.wikipedia.org/wiki/Joomla)

Risk
====
The Laboratory Researcher (Nafsh) Ehram Shahmohamadi (sec-lab.ir) discovered a SQL injection vulnerability in the com_fireboard module of the Joomla CMS.

Summary
=======
A SQL injection vulnerability was detected in the com_fireboard module of the Joomla content management system. Remote attackers and low-privileged user accounts can inject and execute their own SQL commands to compromise the application's DBMS. The vulnerability is located in the com_fireboard module, in the bound func parameter (values prefixed fb_). Successful exploitation results in compromise of the DBMS (server) or the application (web).

Vulnerable Module(s):
    [+] index.php?option=com_fireboard

Vulnerable Parameter(s):
    [+] func (fb_)

Proof of concept
================
The SQL injection vulnerability can be exploited by remote attackers without user interaction and with a low-privileged user account. For demonstration or reproduction ...

Dork(s): inurl:"id=" & intext:"/com_fireboard/"

PoC: http://www.2cto.com /index.php?option=com_fireboard&Itemid=0&id=1&catid=0&func=fb_pdf'[SQL-INJECTION]

Reference(s):
    xxx.com/index.php?option=com_fireboard&Itemid=0&id=1&catid=5&func=fb_pdf'[SQL-INJECTION]
    xxx.com/2012/index.php?option=com_fireboard&Itemid=79&id=1&catid=2&func=fb_pdf'[SQL-INJECTION]
    xxx.com/fireboard/index.php?option=com_fireboard&Itemid=38&id=22111&catid=16&func=fb_pdf'[SQL-INJECTION]
    xxx.com/board/index.php?option=com_fireboard&Itemid=54&id=70122&catid=12&func=fb_pdf'[SQL-INJECTION]
    xxx.com/jmfireboard/index.php?option=com_fireboard&Itemid=54&id=70122&catid=12&func=fb_pdf'[SQL-INJECTION]

-- VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: research@vulnerability-lab.com
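As an added detection example (not part of the advisory above), the following Python scans Apache combined-format access-log lines for com_fireboard requests whose func value is not a plain fb_-prefixed identifier, which is exactly how the PoC above deviates (a trailing quote). The allow-list pattern, the log format and the sample log lines are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed shape of a legitimate FireBoard func value: "fb_" plus an identifier
# (allow-list inferred from the advisory's "func fb_" parameter description).
FUNC_ALLOWED = re.compile(r"^fb_[A-Za-z0-9_]+$")

# Apache combined log format: client, timestamp, request line, status.
REQUEST_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample log: one benign fb_ request, two requests carrying a
# quote in func (raw and URL-encoded), one unrelated component.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2012:13:55:36 +0000] "GET /index.php?option=com_fireboard&Itemid=0&id=1&catid=0&func=fb_pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:13:55:40 +0000] "GET /index.php?option=com_fireboard&Itemid=0&id=1&catid=0&func=fb_pdf' HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:13:55:41 +0000] "GET /index.php?option=com_fireboard&Itemid=0&id=1&catid=0&func=fb_pdf%27%29 HTTP/1.1" 200 9811 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2012:13:56:02 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def scan_fireboard_requests(log_text):
    """Return one finding per com_fireboard request whose func value fails the
    allow-list (quotes, parentheses, spaces, comment markers, ...).
    parse_qs decodes %27 and friends, so encoded and raw forms are treated alike."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.match(line)
        if not m:
            continue  # not a parseable request line
        params = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        if params.get("option", [None])[0] != "com_fireboard":
            continue  # only the vulnerable component is of interest
        for value in params.get("func", []):
            if not FUNC_ALLOWED.match(value):
                findings.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "status": int(m.group("status")),
                    "func": value,
                })
    return findings


if __name__ == "__main__":
    for finding in scan_fireboard_requests(SAMPLE_LOG):
        print(finding)
```

A 500 status on a flagged request is a useful corroborating signal, since an unbalanced quote typically makes the backing query fail rather than return a page.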

