Full Disclosure: Re: Joomla 1.5.21 | Potential SQL Injection Flaws

Re: Joomla 1.5.21 | Potential SQL Injection Flaws

From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Sun, 31 Oct 2010 20:34:39 +0000

According to your site, you want "to entice young Burmese people into ethical hacking" and "raise students' interest in 
security/hacking in an ethical manner," yet you "disclosed these flaws in order for someone who can exploit these flaws 
to the next maximum level"? 

Douche. 

t



-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
YGN Ethical Hacker Group
Sent: Sunday, October 31, 2010 12:19 PM
To: full-disclosure () lists grok org uk; bugtraq () securityfocus com; bugs () securitytracker com; vuln () secunia 
com; secalert () securityreason com; news () securiteam com; vuln () security nnov ru
Subject: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws

1. VULNERABILITY DESCRIPTION


Potential SQL Injection Flaws were detected Joomla! CMS version 1.5.20. These flaws were reported along with our Cross 
Scripting Flaw which was fixed in 1.5.21. Developers believed that our reported SQL Injection flaws are not fully 
exploitable because of Joomla! built-in string filters and were not fixed in 1.5.21 which is currently the latest 
version.

As a result, we disclosed these flaws  in order for someone who can exploit these flaws to the next maximum level.


2. PROOF-OF-CONCEPT/EXPLOIT

http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg
http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg
http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg


3. DISCLOSURE TIME-LINE


2010-10-06  : Notified Joomla! Security Strike Team
2010-11-01  : Vulnerability disclosed


4. VENDOR

Joomla! Developer Team
http://www.joomla.org
http://www.joomla.org/download.html

________________________________________________________

# YGN Ethical Hacker Group
# http://yehg.net
# 2010-11-1

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Joomla 1.5.21 | Potential SQL Injection Flaws YGN Ethical Hacker Group (Oct 31)
- Re: Joomla 1.5.21 | Potential SQL Injection Flaws Thor (Hammer of God) (Oct 31)
  - Re: Joomla 1.5.21 | Potential SQL Injection Flaws Thor (Hammer of God) (Oct 31)
  - Re: Joomla 1.5.21 | Potential SQL Injection Flaws YGN Ethical Hacker Group (Oct 31)