Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 162750 - www-apps/joomla Multiple SQL Injection Vulnerabilities
Summary: www-apps/joomla Multiple SQL Injection Vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/22122
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-01-19 07:21 UTC by Executioner
Modified: 2007-02-10 19:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Executioner 2007-01-19 07:21:02 UTC 
He tests on 1.0.11 but says its fixed in SVN so I assume we're still vulnerable...  I'll check the source when I get a chance.

The other sql injection, is the same bug described bellow for Mambo 4.6.1 and
Joomla 1.0.11 . This has been solved in SVN version, but the SVN version has
another sql injection :
The 'catid' parameter is not checked properly in "_buildQuery()" function :

File components/com_weblinks/models/category.php, Line 209 :
:: $query = "SELECT *" .
:: "\n FROM #__weblinks" .
** "\n WHERE catid = $this->_id".
:: "\n AND published = 1" .
:: "\n AND archived = 0".
:: "\n ORDER BY $filter_order $filter_order_dir, ordering";

PoC : http://hacked/index.php?option=com_weblinks&catid=1%20SQLINJECTION



Reproducible: Didn't try




http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2007-01-26 12:25:29 UTC 
could someone check this please? web-apps?
Comment 2 Renat Lumpau (RETIRED) gentoo-dev 2007-01-26 23:38:22 UTC 
version in the tree is 1.0.12
Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-10 19:45:25 UTC 
Thanks; closing since ~arched