com_search blind sql queries
Support forum for users using free edition of JoomSEF 3 (Joomla 1.5 compatible). These forums are mainly for mutual help between users.

Please note that due to our capacity limitations, we do not monitor these forums regularly.

com_search blind sql queries 17 years, 2 months ago #3118

I'm building a site for a university. I had their IT department look at the dev site and I got this report back. Is this a security hole in the search component? What can be done to fix this?

I've been working with the Joomla dev team and we haven't been able to find anything in the Joomla code, so our guess is that something is happening with JoomSEF, possibly sef_ext/com_search.php?

Any help would be greatly appreciated. A copy of the site is at dev.hnd.sametz.com.

Thanks for your help!

Andy

************Message from Harvard IT***************

Web ports have not been opened to this system at this time. A vulnerability
scan revealed the following high risk vulnerability:

wpoison (nasl version)

The following URLs seem to be vulnerable to BLIND SQL injection
techniques :

/index.php?-='+AND+'b'>'a&Itemid=92&searchword=&id=54&task=view&option=com_search
/index.php?-=&Itemid=92&searchword=&id=54'+AND+'b'>'a&task=view&option=com_search
/index.php?-=&Itemid=92&searchword=&id=54&task=view'+AND+'b'>'a&option=com_search

An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.


Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : www.securitydocs.com/library/2651
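
For triaging a report like the one above, this added example (not code from the post, Joomla or JoomSEF) shows how the reported probe on the id parameter behaves against a concatenated query versus a bound or validated one. SQLite stands in for the site's database, and the table, column and function names are hypothetical.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample data; table, column and function names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE content (id TEXT PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO content VALUES (?, ?)",
                   [("54", "Admissions"), ("55", "Faculty")])
    return db

def lookup_concatenated(db, item_id):
    # Vulnerable pattern: the request value becomes part of the SQL text.
    sql = "SELECT title FROM content WHERE id = '" + item_id + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, item_id):
    # Hardened pattern: the value is bound and never parsed as SQL.
    sql = "SELECT title FROM content WHERE id = ?"
    return [row[0] for row in db.execute(sql, (item_id,))]

def lookup_validated(db, item_id):
    # Numeric parameters (id, Itemid) can also be rejected before any query.
    if not item_id.isdigit():
        raise ValueError("id must be numeric")
    return lookup_parameterized(db, item_id)

def id_from_url(url):
    # Decode the query string the way a web server would ('+' becomes a space).
    query = url.split("?", 1)[1]
    return parse_qs(query, keep_blank_values=True)["id"][0]

# Second URL from the scan report, with the wrapped line rejoined.
PROBE_URL = ("/index.php?-=&Itemid=92&searchword=&id=54'+AND+'b'>'a"
             "&task=view&option=com_search")

def probe_matches_baseline(lookup, db):
    # True when the probe yields the same rows as the clean id=54 request,
    # i.e. the appended condition was evaluated by the database.
    return lookup(db, id_from_url(PROBE_URL)) == lookup(db, "54")

if __name__ == "__main__":
    db = make_db()
    print("concatenated: ", probe_matches_baseline(lookup_concatenated, db))
    print("parameterized:", probe_matches_baseline(lookup_parameterized, db))
```

Identical responses alone do not prove injection: a handler that never uses the parameter also returns the baseline page, so the finding has to be confirmed against the code that builds the query.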