Showing 1 - 2 of 2

CVE-2011-1151

Status Candidate

Overview

Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.

Joomla 1.6.0 SQL Injection: Posted May 31, 2011; Authored by James Bercegay | Site gulftech.org; A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL Injection to extract admin credentials, and then store those credentials within the notes_db. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type whenever filtering the user supplied input. This issue was fixed by performing a whitelist check of the user supplied order data against the allowed order types, and also escaping the input.; tags | exploit, php, sql injection; advisories | CVE-2011-1151; SHA-256 | 647e5aeb46772c7d0cdb8e0649db65e77ffaa67a35949d881a8ff0eac18b6c6d; Download | Favorite | View

Joomla 1.6.0 SQL Injection / PHP Execution: Posted Apr 29, 2011; Authored by James Bercegay | Site metasploit.com; A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL Injection to extract admin credentials, and use those credentials to execute arbitrary PHP code against the target. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type whenever filtering the user supplied input. This issue was fixed by performing a whitelist check of the user supplied order data against the allowed order types, and also escaping the input.; tags | exploit, arbitrary, php, sql injection; advisories | CVE-2011-1151; SHA-256 | 28c21a2ec7d950cbd9d0976d7cd73119b9bed67f6d2b34e15cc02ba5fdbc2d93; Download | Favorite | View

Page 1 of 1 Back 1 Next