Joomla! 1.6.0 was vulnerable to SQL Injection.
Joomla is a free and open source content management system (CMS) for
publishing content on the World Wide Web and intranets. It comprises a
model–view–controller (MVC) Web application framework that can also be
used independently.
Joomla is written in PHP, uses object-oriented programming (OOP)
techniques and software design patterns, stores data in a MySQL
database, and includes features such as page caching, RSS feeds,
printable versions of pages, news flashes, blogs, polls, search, and
support for language internationalization.
The parameters filter_order and filter_order_Dir were not properly sanitized
in Joomla!, leading to an SQL injection vulnerability. This could allow an
attacker to inject or manipulate SQL queries in the back-end database,
allowing for the manipulation or disclosure of arbitrary data.
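The defect described above is a sort parameter copied into an ORDER BY clause without validation. The following is an added illustration, not Joomla's code: the unsafe concatenation pattern next to an allowlist-based builder, exercised against a constructed in-memory SQLite table (column names and sample rows are assumptions for this example).

```python
import sqlite3

# Columns a caller may sort by and the two accepted directions. Constructed
# for this example; it is not Joomla's own set of sortable fields.
SORTABLE_COLUMNS = {"id", "title", "created"}
DIRECTIONS = {"ASC", "DESC"}


def unsafe_order_clause(filter_order, filter_order_dir):
    """The vulnerable pattern: request values pasted straight into SQL."""
    return f"ORDER BY {filter_order} {filter_order_dir}"


def safe_order_clause(filter_order, filter_order_dir):
    """Allowlist both values. Identifiers and keywords in ORDER BY cannot be
    bound as prepared-statement parameters, so comparing against a fixed set
    of known values is the fix; anything else is rejected outright."""
    if filter_order not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {filter_order!r}")
    direction = filter_order_dir.upper()
    if direction not in DIRECTIONS:
        raise ValueError(f"unsupported sort direction: {filter_order_dir!r}")
    return f"ORDER BY {filter_order} {direction}"


def is_accepted(filter_order, filter_order_dir):
    """True if the hardened builder would accept this pair of request values."""
    try:
        safe_order_clause(filter_order, filter_order_dir)
        return True
    except ValueError:
        return False


def sample_db():
    """In-memory table with constructed rows standing in for a content list."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, title TEXT, created TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", [
        (1, "Beta", "2011-01-02"), (2, "Alpha", "2011-01-01"),
        (3, "Gamma", "2011-01-03")])
    return conn


def list_titles(filter_order, filter_order_dir):
    """Run the list query the way a hardened model would: validated clause only."""
    clause = safe_order_clause(filter_order, filter_order_dir)
    with sample_db() as conn:
        return [row[0] for row in conn.execute(f"SELECT title FROM items {clause}")]
```

Note that `unsafe_order_clause` accepts any string at all, which is exactly why the Joomla! 1.5.22 / 1.6.1 fix had to validate these two parameters rather than escape them.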
Joomla! 1.6.0
This is the exact same variant as shown in Joomla! 1.5.21:
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.5_21]_sql_injection
We thought the Joomla! team would fix this issue in the 1.6.0 stable release,
whilst they fixed it in Joomla! 1.5.22!
Upgrade to Joomla! 1.6.1 or higher
Joomla! Developer Team
http://www.joomla.org
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
2011-01-24: notified vendor
2011-03-08: vendor released fix
2011-03-14: vulnerability disclosed
Vendor Advisory URL:
http://developer.joomla.org/security/news/328-20110201-core-sql-injection-path-disclosure.html
Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.6.0]_sql_injection
OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE-89: http://cwe.mitre.org/data/definitions/89.html
#yehg [2011-03-14]
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd