Document Title: =============== Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability References (Source): ==================== http://ift.tt/2pt4DH3 IEDB: http://ift.tt/2pXxTqR Release Date: ============= 2017-05-02 Vulnerability Laboratory ID (VL-ID): ==================================== 2061 Common Vulnerability Scoring System: ==================================== 6.6 Vulnerability Class: ==================== SQL Injection Product & Service Introduction: =============================== Tag Meta allows to efficiently manage all site`s meta information. With Tag Meta, as example, it is possible to set the tag `title` or the meta tags (e.g. from the most common `description`, `keywords`, `robots`, as well as the recently `content rights` and `external reference`) or link `canonical` on any page, just specifying the URL or a part of it. This provides a swiss army knife to improve site positioning in SEO optimization. But Tag Meta also supports regular expressions in the matching rules and this allows to match a group of URLs with a single rule. In this way it is possible to manage metadata from a single control panel. (Copy of the Homepage: http://ift.tt/2qEd8MV ) Abstract Advisory Information: ============================== An independent vulnerability laboratory partner team discovered a sql-injection vulnerability in the official Joomla CMS com_tag (meta) component. Vulnerability Disclosure Timeline: ================================== 2017-05-02: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== SelfGet Product: Joomla com_tag (Meta) Components - (Community) 1.7.6 Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ A remote sql-injection web vulnerability has been discovered in the official Joomla CMS com_tag (meta) component. The issue allows remote attackers to execute own malicious sql commands to compromise the web-application or dbms. The sql-injection vulnerability is located in the `tag` parameter of the `com_tag` joomla web module. The request method to execute is GET and the attack vector is client-side. Remote attackers are able to inject own malicious sql commands via vulnerable `tag` parameter to compromise the web-application or dbms. The web vulnerability is a classic sql-injection in the joomla content management system `com_tag (meta)` component. The security risk of the vulnerability is estimated as high with a common vulnerability scoring system count of 6.6. Exploitation of the sql-injection vulnerability requires no privilege web-application user account or user interaction. Successful exploitation of the web vulnerability results in web-application or database management system compromise. Request Method(s): [+] GET Vulnerable Components(s): [+] com_tag (joomla) Vulnerable File(s): [+] index.php Vulnerable Parameter(s): [+] tag (&tag) Proof of Concept (PoC): ======================= The sql-injection web vulnerability can be exploited by remote attackers without privilege web-application user account or user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Dork(s): inurl:index.php?option=com_tag PoC: Exploitation http://localhost:8080/[PATH]/index.php?option=com_tag&task=tag&tag=-`[SQL-Injection Vulnerability!
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment