Profile for andy@sametz.com

I'm building a site for a university. I had their IT department look at the dev site and I got this report back. Is this a security hole in the search component? What can be done to fix this?

I've been working with the Joomla dev team and we haven't been able to find anything in the Joomla code, so our guess is that something is happening with JoomSEF, possibly sef_ext/com_search.php?

Any help would be greatly appreciated. A copy of the site is at dev.hnd.sametz.com.

Thanks for your help!

Andy

************Message from Harvard IT***************

Web ports have not been opened to this system at this time. A vulnerability
scan revealed the following high risk vulnerability:

wpoison (nasl version)

The following URLs seem to be vulnerable to BLIND SQL injection
techniques :

/index.php?-='+AND+'b'>'a&Itemid=92&searchword=&id=54&task=view&option=com_search
/index.php?-=&Itemid=92&searchword=&id=54'+AND+'b'>'a&task=view&option=com_search
/index.php?-=&Itemid=92&searchword=&id=54&task=view'+AND+'b'>'a&option=com_search

An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.


Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : www.securitydocs.com/library/2651
com_search blind sql ...
Category: JoomSEF 3
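
To read the report above parameter by parameter, the following added example (not part of the original post, the scanner, or JoomSEF) parses the three reported URLs, names the parameter that carries the `'+AND+'b'>'a` test string in each, and rebuilds the unmodified request. The function names `split_finding` and `summarize` are illustrative.

```python
from urllib.parse import parse_qsl, urlencode

# The three URLs from the scan report, with the wrapped lines rejoined.
REPORTED = [
    "/index.php?-='+AND+'b'>'a&Itemid=92&searchword=&id=54&task=view&option=com_search",
    "/index.php?-=&Itemid=92&searchword=&id=54'+AND+'b'>'a&task=view&option=com_search",
    "/index.php?-=&Itemid=92&searchword=&id=54&task=view'+AND+'b'>'a&option=com_search",
]

# The scanner's test string as it reads once '+' is decoded to a space.
PROBE = "' AND 'b'>'a"


def split_finding(url):
    """Return (tampered, baseline_url) for one reported URL.

    tampered is a list of (parameter, original_value) pairs whose value
    ends with the probe; baseline_url is the same request without it.
    """
    path, _, query = url.partition("?")
    tampered, clean = [], []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if value.endswith(PROBE):
            value = value[: -len(PROBE)]
            tampered.append((name, value))
        clean.append((name, value))
    return tampered, path + "?" + urlencode(clean)


def summarize(urls):
    """Group findings by baseline request: {baseline_url: [parameter, ...]}."""
    summary = {}
    for url in urls:
        tampered, base = split_finding(url)
        summary.setdefault(base, []).extend(name for name, _ in tampered)
    return summary


if __name__ == "__main__":
    for base, params in summarize(REPORTED).items():
        print("request:", base)
        print("parameters to review:", ", ".join(repr(p) for p in params))
```

All three findings reduce to one request with the test string appended to `-`, `id` and `task` in turn. That narrows what to review in the code handling those parameters; it does not by itself confirm or rule out an injection.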