############################################################
#
# Title : Joomla com_niceajaxpoll <= 1.3.0 SQL Injection Vulnerability
# Author : Patrick de Brouwer - @knickz0r
# NLSecurity - www.nlsecurity.org
#
# Dork : inurl:"/index.php?option=com_niceajaxpoll"
#
# Software : Joomla component Nice Ajax Poll <= 1.3.0
# http://dmitry.dn.ua/my-projects/304-nice-ajax-poll.html
#
# Vendor : Dima Kuprijanov
#
# Date : 2012-07-31
#
############################################################
+ -- --=[ 0x01 - Software description
Nice Ajax Poll is a component for the Joomla! CMS which all-
ows users to vote on certain questions or statements.
+ -- --=[ 0x02 - Vulnerability description
There is a SQL Injection vulnerability that can be called f-
rom within the website to perform the SQL Injection attack.
+ -- --=[ 0x03 - Impact
The impact of this vulnerability should be rated as critical
as it is possible to access the database and therefore retr-
eive user information such as usernames, passwords and other
data. When abused, hackers could gain access to the adminis-
trative interface of Joomla.
+ -- --=[ 0x04 - Affected versions
As of the source code, the version containint this vulnerab-
ility was version 1.3.0. It was not proven that the vulnera-
bility does not exist in newer or earlier versions. Therfore
the vulnerability is considered available in versions below
1.3.0.
+ -- --=[ 0x05 - Vendor contact trail
Contact has not been made with the author. Author will rece-
ive a copy of the vulnerability disclosure.
+ -- --=[ 0x06 - Proof of Concept (PoC)
In:
/components/com_niceajaxpoll/views/niceajaxpoll/tmpl/default.php
there is a call to:
index.php?option=com_niceajaxpoll&getpliseid="+id,
which is located on line 32. In practice this vulnerability
has been verified by exploiting the following:
/index.php?option=com_niceajaxpoll&getpliseid=1 OR 1=1
,-------
'- SQLi
