Joomla, Security

Joomla! Xmap Component “view” SQL Injection Vulnerability

Description

A vulnerability has been reported in the Xmap component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the “view” parameter to index.php (when “option” is set to “com_xmap”) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.2.11. Prior versions may also be affected.

Solution

Update to version 1.2.12.

Provided and/or discovered by
Reported by the Joomla! VEL team.

Original Advisory
http://docs.joomla.org/Vulnerable_Extensions_List#xmap

# Exploit Title: Xmap 1.2.11 Joomla Component Blind SQL Injection
# Date: 12 July 2011 # Author: jdc
# Software Link: http://joomlacode.org/gf/project/xmap/frs/?action=FrsReleaseBrowse&frs_package_id=3882
# Version: 1.2.11
# Fixed In: 1.2.12 Versions prior to 1.2.12 suffer from a blind sql injection in the “view” parameter, depending on Xmap’s internal cache settings.

POSTDATA: option=com_xmap&tmpl=component&Itemid=999&view=[SQL]

1.2.12 has been patched. Older versions with cache=off cannot be exploited in this fashion.


Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s