Thursday, 20 December 2012

[EN] Joomla 3.0.2 leaked again

Joomla 3.0.2 is vulnerable to an SQL leak.

If a user supplies malformed data in a cookie (by adding a value to the md5 string), then
an SQL leak is possible and Joomla's table name prefix can be read.

Add 'malformed' value here - Burp

... and now you can see an error from <prefix>_session table:

SQL Leak - now you know what the prefix is

:)

If you watch this request/response you will see that those screens were created from the 'administrators' link. To stop comments like 'not useful because possible from admin' - try to reproduce this from a normal (registered) or pre-auth user. ;)

Another place where a user can input malformed data looks like this:

SQL Leak
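
The following Python is an added example, not code from the original post: it reviews captured request/response pairs for the two signs described above, a cookie token that is an md5 string with extra data appended and a response whose SQL error text names a `<prefix>_session` table. The error substrings, the dictionary field names and the sample traffic are constructed assumptions.

```python
import re

# Per the post: the tampered cookie is an md5 string with extra data appended.
MD5_PLUS_EXTRA = re.compile(r"^[0-9a-f]{32}.+$", re.IGNORECASE)
# Per the post: the leaked error names the <prefix>_session table.
SESSION_TABLE = re.compile(r"\b(\w+?)_session\b")
# Assumption: substrings that mark database error text in a response body.
SQL_ERROR_HINTS = ("SQL=", "error in your SQL syntax")


def tampered_cookie_tokens(cookie_header):
    """Return cookie names/values that are an md5 string with trailing data."""
    hits = []
    for pair in cookie_header.split(";"):
        name, _, value = pair.strip().partition("=")
        hits += [tok for tok in (name, value) if MD5_PLUS_EXTRA.match(tok)]
    return hits


def leaked_prefixes(body):
    """Return table prefixes exposed by SQL error text in a response body."""
    if not any(hint in body for hint in SQL_ERROR_HINTS):
        return set()
    return {m.group(1) + "_" for m in SESSION_TABLE.finditer(body)}


def review(exchanges):
    """Flag request/response pairs that show the tamper or the leak."""
    findings = []
    for ex in exchanges:
        tokens = tampered_cookie_tokens(ex["cookie"])
        prefixes = leaked_prefixes(ex["body"])
        if tokens or prefixes:
            findings.append({"id": ex["id"], "tampered": tokens,
                             "prefixes": sorted(prefixes)})
    return findings


# Constructed sample traffic (not taken from the post's screenshots).
MD5 = "9e107d9d372bb6826bd81d3542a419d6"
SAMPLE = [
    {"id": 1, "cookie": f"{MD5}=0cc175b9c0f1b6a831c399e269772661",
     "body": "<html>Control Panel</html>"},
    {"id": 2, "cookie": f"{MD5}=0cc175b9c0f1b6a831c399e269772661AAAA",
     "body": "500 - error SQL=INSERT INTO `abc12_session` (`session_id`) ..."},
    {"id": 3, "cookie": "lang=en", "body": "<p>start a new_session today</p>"},
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A finding with a non-empty `prefixes` list means database error text reached the client; the usual fix is to validate the cookie before it is used in a query and to keep SQL errors out of responses.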


cheers
