CVE-2010-4990
Description
SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Joomla! Component Address Book - Blind SQL Injection
1 ########################################## 1
0 I'm Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name : Joomla com_addressbook Blind Sqli Vulnerability
Date : july 4,2010
Critical Level : HIGH
vendor URL :http://b-elektro.no/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
The Front-edit Address Book is a powerful, but easy to use address book component for Joomla. If you are looking for a address book, or just a component that allows users to manage contact information directly from front, this might be what you are looking for.
Some features:
* Allows users to create, edit and delete contact information directly from front.
* Multiple layouts available ("table", "list" and "single contact layout").
* Some access control based on usergroups or individual users.
* The component is designed to work together with com_contact (the joomla core contact component).
#######################################################################################################
Xploit :Blind SQli Vulnerability
DEMO URL :http://server/index.php?option=com_addressbook&view=contact&Itemid=[Bsqli]
###############################################################################################################
# 0day no more
# Sid3^effects Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| b-elektro | com_addressbook | | |
| joomla | joomla\! | | |
References
- http://www.exploit-db.com/exploits/14210
- http://www.securityfocus.com/bid/41353
- http://www.vupen.com/english/advisories/2010/1702
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60092
- http://www.exploit-db.com/exploits/14210
- http://www.securityfocus.com/bid/41353
- http://www.vupen.com/english/advisories/2010/1702
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60092
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.