BLOG OF H7T_2002


Personal page of H7T_2002++


    Joomla 1.5.21 | Potential SQL Injection Flaws

    h7t_2002
    --[DEVELOPER]--


    Total posts : 67
    Join date : 01/06/2009
    Age : 33
    From : /dev/null


    Posted by h7t_2002 Mon Nov 15, 2010 6:58 am

    1. VULNERABILITY DESCRIPTION


    Potential SQL Injection Flaws were detected in Joomla! CMS version
    1.5.20. These flaws were reported along with our Cross Scripting Flaw
    which was fixed in 1.5.21. Developers believed that our reported SQL
    Injection flaws are not fully exploitable because of Joomla! built-in
    string filters and were not fixed in 1.5.21 which is currently the
    latest version.

    As a result, we disclosed these flaws in order for someone who can
    exploit these flaws to the next maximum level.


    2. PROOF-OF-CONCEPT/EXPLOIT

    http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg
    http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg
    http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg


    3. DISCLOSURE TIME-LINE


    2010-10-06 : Notified Joomla! Security Strike Team
    2010-11-01 : Vulnerability disclosed


    4. VENDOR

    Joomla! Developer Team
    http://www.joomla.org
    http://www.joomla.org/download.html
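
The screenshot names in the post point at the list-sorting parameters `filter_order` and `filter_order_Dir`. The following is an added example, not code from the advisory or from Joomla: it shows one defensive pattern for such parameters, mapping them onto a fixed allowlist, because quote-escaping does not constrain a value used as an ORDER BY term. The function name, the column names and the use of `addslashes()` as a stand-in for a string filter are assumptions.

```php
<?php
// Added example, not Joomla code. Column names below are assumed for illustration.

/**
 * Build an ORDER BY clause from request values named like the
 * filter_order / filter_order_Dir parameters in the advisory.
 * Request values are never copied into SQL: they only select among fixed strings.
 */
function build_order_clause(array $request, array $allowedColumns, string $defaultColumn): string
{
    if (!in_array($defaultColumn, $allowedColumns, true)) {
        throw new InvalidArgumentException('default column must be in the allowlist');
    }

    $column = $request['filter_order'] ?? $defaultColumn;
    // Strict comparison: arrays, other types and partial matches are all rejected.
    if (!is_string($column) || !in_array($column, $allowedColumns, true)) {
        $column = $defaultColumn;
    }

    $dir = $request['filter_order_Dir'] ?? 'ASC';
    $dir = (is_string($dir) && strtoupper($dir) === 'DESC') ? 'DESC' : 'ASC';

    // Backticks quote the identifier for MySQL; the allowlist entries contain none.
    $quoted = implode('.', array_map(fn($p) => '`' . $p . '`', explode('.', $column)));
    return "ORDER BY $quoted $dir";
}

// Constructed sample input.
$allowed = ['a.title', 'a.created', 'a.hits'];

$cases = [
    ['filter_order' => 'a.hits', 'filter_order_Dir' => 'desc'],             // accepted
    ['filter_order' => 'a.hits, a.created', 'filter_order_Dir' => 'DESC'],  // not in allowlist
    ['filter_order' => 'a.title', 'filter_order_Dir' => 'ASC, a.hits'],     // not ASC/DESC
    ['filter_order' => ['a.title']],                                        // wrong type
];

foreach ($cases as $case) {
    // addslashes() stands in for a quote-escaping string filter (assumption): it leaves
    // values with no quote characters untouched, so it cannot constrain an ORDER BY term.
    $raw = is_string($case['filter_order']) ? $case['filter_order'] : '(array)';
    printf("%-20s escaped=%-20s => %s\n", $raw, addslashes($raw),
        build_order_clause($case, $allowed, 'a.title'));
}
```

Every rejected case falls back to the default column or to `ASC`, so the generated clause is always one of a small set of fixed strings regardless of what the request carried.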
