Vulnerable Memory Book! Component SQL Injection and LFI

Discussion regarding Joomla! 1.5 security issues.

fw116
Joomla! Ace
Posts: 1373
Joined: Tue Sep 06, 2005 11:18 am
Location: Germany

Vulnerable Memory Book! Component SQL Injection and LFI

Post by fw116 » Mon Jan 04, 2010 3:01 pm

Description:
Some vulnerabilities have been reported in the Memory Book! component for Joomla!, which can be exploited by malicious users to conduct SQL injection attacks and potentially compromise a vulnerable system.

1) Input passed to the event description when adding a new event is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation may require a valid user account.

2) The security issue is caused due to the application improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".jpg" file extension.

Successful exploitation may require a valid user account and that Apache is not configured to handle the mime-type for uploadable media files.
Last edited by mandville on Mon Jan 04, 2010 8:47 pm, edited 1 time in total.
Reason: title naming convention
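
Added example, not part of the original post and not code from Memory Book! or Joomla!: server-side upload validation that closes the double-extension case described in point 2. The function name, the extension lists and the sample files are assumptions, and it targets PHP 7.1+ rather than the PHP versions Joomla! 1.5 ran on.

```php
<?php
// Added example: hypothetical helper, not taken from Memory Book! or Joomla!.
const IMAGE_TYPES = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
// Extensions a web server may hand to an interpreter (assumed list, extend per server).
const SCRIPT_EXTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'pl', 'py', 'cgi', 'sh', 'htaccess'];

/** Return a server-chosen storage name for an uploaded image, or null to reject it. */
function safe_upload_name(string $clientName, string $tmpPath): ?string
{
    // Check every dot-separated segment, not just the last one: Apache's
    // mod_mime can act on an inner ".php" when the final extension is unmapped.
    $segments = explode('.', strtolower(basename($clientName)));
    array_shift($segments); // drop the base name
    if ($segments === [] || array_intersect($segments, SCRIPT_EXTS)) {
        return null;
    }
    // Decide the type from the file content, never from the client's name or MIME header.
    $info = @getimagesize($tmpPath);
    if ($info === false || !array_key_exists($info[2], IMAGE_TYPES)) {
        return null;
    }
    // Store under a random name with exactly one extension derived from the content.
    return bin2hex(random_bytes(16)) . '.' . IMAGE_TYPES[$info[2]];
}

// Constructed sample files: a 1x1 GIF and a plain-text file.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, 'not an image');

$cases = [
    ['photo.gif', $gif],      // plain image upload
    ['shell.php.jpg', $gif],  // double extension from point 2
    ['photo.jpg', $txt],      // image name, non-image content
];
foreach ($cases as [$name, $path]) {
    $stored = safe_upload_name($name, $path);
    echo $name, ' => ', $stored === null ? 'rejected' : "stored as $stored", PHP_EOL;
}
unlink($gif);
unlink($txt);
```

The name check is one layer only: an upload directory in which the web server has no script handlers enabled also covers extension mappings the list above does not know about.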

lafrance
Joomla! Ace
Posts: 1116
Joined: Thu Jan 11, 2007 5:02 pm
Location: Alberta,Canada

Re: Memory Book! Component SQL Injection and File Upload Vulnera

Post by lafrance » Mon Jan 04, 2010 8:19 pm

fw116 wrote:
Description:
Some vulnerabilities have been reported in the Memory Book! component for Joomla!, which can be exploited by malicious users to conduct SQL injection attacks and potentially compromise a vulnerable system.

1) Input passed to the event description when adding a new event is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation may require a valid user account.

2) The security issue is caused due to the application improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".jpg" file extension.

Successful exploitation may require a valid user account and that Apache is not configured to handle the mime-type for uploadable media files.

Thank you for the information.
Trying to replicate the exploit; so far I cannot confirm it.
VEL contributor @ http://docs.joomla.org/Investigation_of_exploits
OSM,Trademark and Licensing Team,jed editor
Please no pm direct contact irc freenode.net #joomla

Re: Memory Book! Component SQL Injection and File Upload Vulnera

Post by fw116 » Mon Jan 04, 2010 8:28 pm

you got a PM

Re: Memory Book! Component SQL Injection and File Upload Vulnera

Post by lafrance » Mon Jan 04, 2010 8:36 pm

got it, thank you

was added on Dec 27 http://docs.joomla.org/Vulnerable_Extensions_List

Re: Memory Book! Component SQL Injection and File Upload Vulnera

Post by fw116 » Mon Jan 04, 2010 8:41 pm

lafrance wrote:
got it, thank you

was added on Dec 27 http://docs.joomla.org/Vulnerable_Extensions_List

ok,

do you have an update link, so we can provide a solution?

because it's still "unsolved" also on secunia...

Re: Memory Book! Component SQL Injection and File Upload Vulnera

Post by lafrance » Mon Jan 04, 2010 8:58 pm

fw116 wrote:
lafrance wrote:
got it, thank you

was added on Dec 27 http://docs.joomla.org/Vulnerable_Extensions_List

ok,

do you have an update link, so we can provide a solution?

because it's still "unsolved" also on secunia...

As far as I know there have been no fixes at this time.
We added this: Multiple Vulnerabilities. Requires: magic quotes OFF, user account.

However, contact with developers is sometimes slow to get a response. I am still waiting for a major dev to reply about 1 security issue from November, and he just disregards any email attempts.

If we're lucky they contact us, or it is updated on the JED, and then we update our list.

FYI, lately the new exploits are spam and need to be taken with a grain of salt. I worked on 1 for over one hour and none of the exploits worked; tried others, also the same; tried it on all versions, none worked.

That is one reason, if you do not see it on the VEL: it is a spam report from exploit.db, or has nothing to do with Joomla even if they use Joomla in the name.

Hope this helps, thank you for the PM.

jeffchannell
Joomla! Ace
Posts: 1964
Joined: Tue Jun 09, 2009 2:21 am
Location: WV

Re: Vulnerable Memory Book! Component SQL Injection and LFI

Post by jeffchannell » Wed Jan 06, 2010 3:42 am

lafrance: good luck contacting MemoryBook's dev...

-- jdc ;)
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι

Re: Vulnerable Memory Book! Component SQL Injection and LFI

Post by lafrance » Wed Jan 06, 2010 3:54 am

jeffchannell wrote:
lafrance: good luck contacting MemoryBook's dev...

-- jdc ;)

Hello!

Yes, a shame so many developers just disregard their extension exploits and, worse, refuse to remove them, and new users get exploited.
Shame, shame on them

Re: Vulnerable Memory Book! Component SQL Injection and LFI

Post by jeffchannell » Wed Jan 06, 2010 4:00 am

Well I know I couldn't find it...

Re: Vulnerable Memory Book! Component SQL Injection and LFI

Post by lafrance » Wed Jan 06, 2010 4:09 am

jeffchannell wrote:
Well I know I couldn't find it...

Just maybe if you stop slapping yourself you could find it :pop