Whatsapp 4G VIP SCAM – Technical Analysis

This is a short blog post about a recent hoax concerning a supposed WhatsApp 4.0 version. I would like to clearly highlight that there is no such application as ‘Whatsapp 4G‘. The message promises users unrealistic features: video calling, new WhatsApp themes, deleting sent messages from both sides, etc.

The following is how the message is being propagated:


Technical Analysis

Upon visiting the link you are taken to a page that asks you to invite 15 friends before you can download the version. Clicking the invite button uses the WhatsApp URL scheme (whatsapp://) to send the message to your friends, so you end up promoting the hoax on behalf of the scammers:

The entire business logic lives in a single client-side script – http://new-4g-whatsapp.ga/invite.js.

Examining invite.js shows that the code sets a cookie and checks, entirely on the client side, whether 15 invites have been sent:


Once the counter reaches 15 invites or more, you are redirected to the download link:

In that source code, if the value of c is greater than or equal to 15, window.location.href is set to the “ur” variable, which holds the following download link – http://ta3.co/new-4G-whatsapp/install.php
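As an added example (not the scam's own invite.js, which was only shown as a screenshot), here is a reconstruction in JavaScript of the counter-and-redirect logic described above, together with the reason a client-side gate like this is worthless: the count lives in a cookie the visitor controls. The cookie name, the placeholder download URL and the sample message are assumptions; the 15-invite threshold is the one the post describes, and whatsapp://send?text= is WhatsApp's share URL form.

```javascript
// Added example, not the scam's invite.js: a reconstruction of the
// client-side "invite 15 friends" gate, run under Node with stand-ins for
// the browser objects. Assumptions: the cookie name (INVITE_COOKIE) and the
// placeholder download URL; the threshold of 15 is the one the post describes.
const REQUIRED_INVITES = 15;
const INVITE_COOKIE = 'invites';                              // assumed name
const DOWNLOAD_URL = 'https://example.invalid/install.php';    // placeholder, not the real "ur"

// Minimal stand-in for document.cookie and window.location so the logic
// runs outside a browser. Navigations are recorded instead of performed.
function makeBrowser() {
  const jar = new Map();
  const navigations = [];
  return {
    getCookie: (name) => (jar.has(name) ? jar.get(name) : null),
    setCookie: (name, value) => { jar.set(name, String(value)); },
    navigate: (url) => { navigations.push(url); },
    navigations,
  };
}

// The whatsapp:// share URL the "Invite" button opens; WhatsApp pre-fills
// the text, so the victim forwards the scam message to a contact.
function inviteLink(text) {
  return 'whatsapp://send?text=' + encodeURIComponent(text);
}

// Read the counter and redirect to the "download" once it reaches the
// threshold (the "if c >= 15 then window.location.href = ur" branch).
function checkGate(browser) {
  const c = parseInt(browser.getCookie(INVITE_COOKIE) || '0', 10);
  if (c >= REQUIRED_INVITES) {
    browser.navigate(DOWNLOAD_URL);
    return true;
  }
  return false;
}

// One click on "Invite": open the share URL, bump the cookie, re-check.
function handleInviteClick(browser, message) {
  browser.navigate(inviteLink(message));
  const c = parseInt(browser.getCookie(INVITE_COOKIE) || '0', 10) + 1;
  browser.setCookie(INVITE_COOKIE, c);
  return checkGate(browser);
}

// Count the share intents actually opened and record where the browser ended up.
function summarise(browser, unlocked) {
  const shares = browser.navigations.filter((u) => u.startsWith('whatsapp://')).length;
  const last = browser.navigations[browser.navigations.length - 1] || null;
  return { unlocked, shares, last };
}

// Honest path: the victim clicks 15 times, sending 15 share intents.
function clickThrough(message) {
  const b = makeBrowser();
  let unlocked = false;
  for (let i = 0; i < REQUIRED_INVITES; i++) unlocked = handleInviteClick(b, message);
  return summarise(b, unlocked);
}

// Why the gate is worthless: the counter lives in a cookie the visitor
// controls, so writing the threshold directly (document.cookie = 'invites=15'
// from the devtools console) unlocks the redirect with zero invites sent.
function bypass() {
  const b = makeBrowser();
  b.setCookie(INVITE_COOKIE, REQUIRED_INVITES);
  return summarise(b, checkGate(b));
}

// Sample message text, constructed for the example.
const SAMPLE_MESSAGE = 'Get WhatsApp 4G VIP with video calling: <scam link>';
```

The point of `bypass()` is the security-relevant one: the server never learns whether anyone was invited, only the browser does, so the "invite 15 friends" requirement is social engineering rather than a control. The same reasoning applies to any gate implemented purely in client-side script.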

The installation link appears to be dead. Normally in such scams you would be asked to fill in surveys or install *free apps*, which are not really free: they may well be bundled with malware or adware.

Update (Whatsapp Gold)

A new variant of the Whatsapp 4G VIP scam has recently come to notice under the name “Whatsapp Gold”. It works on the same principle as above; only the interface design and the name have changed.

Joomla 3.4.5 Critical SQL Injection Vulnerability Found


SQL injection fixed in Joomla 3.4.5

The Joomla team has just released a new version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote, unauthenticated SQL injection in the com_contenthistory component (included by default) that allows the complete database of a vulnerable site to be taken over.

Joomla, one of the most popular open source Content Management System (CMS) packages for website development, has patched three critical vulnerabilities in its core. This post walks through the Joomla SQL injection vulnerability.

The flaws exist in Joomla versions 3.2 through 3.4.4 and include SQL injection vulnerabilities that could allow an attacker to gain administrator privileges on most affected sites and to read the complete site database.

The patch is an upgrade to Joomla version 3.4.5 and contains only the security fixes.

The vulnerability, discovered by Trustwave SpiderLabs researcher Asaf Orpani and by Netanel Rubin of PerimeterX, could be exploited to attack a website with SQL injection.

SQL injection (SQLi) is an injection attack in which an attacker inserts malicious SQL commands (malicious payloads) into a query through the input data sent from the client to the application.

It is one of the oldest, most powerful and most dangerous flaws that can affect any website or web application backed by an SQL database.

The recent SQLi vulnerabilities in Joomla discovered by Orpani are:

  • CVE-2015-7297
  • CVE-2015-7857
  • CVE-2015-7858

The attack proceeds as follows:

  1. Exploit the vulnerability to obtain the administrator session key
  2. Executing the request against the Joomla site returns the admin session key
  3. Use the admin session key to hijack the session, gaining:
     • Access to the /administrator/ folder
     • Administrator privileges
     • Access to the administrator Control Panel

CVE-2015-7857 enables an unauthorized remote attacker to gain administrator privileges by hijacking the admin session. Once exploited, the attacker may gain full control of the website and execute additional attacks.

The vulnerability lies in a core component that ships with every installation and needs no extension, so all websites running Joomla versions 3.2 (released in November 2013) through 3.4.4 are vulnerable.

Researchers also discovered the related vulnerabilities, CVE-2015-7858 and CVE-2015-7297, as part of their research.

The vulnerable Joomla code resides in /administrator/components/com_contenthistory/models/history.php.
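As an added example (not Joomla's code and not a reproduction of the actual history.php bug), the following JavaScript illustrates the bug class behind both the general SQLi description above and the history.php finding: a list model that lets request parameters choose the SELECT columns and the ORDER BY clause. Such identifiers are part of the statement text, not data, so they cannot be protected by parameter binding; the only sound fix is an exact whitelist. The table, column and session-table names and the attacker request are constructed for illustration.

```javascript
// Added example, not Joomla's history.php: a generic list-model query
// builder that shows the bug class. Table and column names are hypothetical.
const TABLE = 'content_history';
const ALLOWED_COLUMNS = new Set(['id', 'version_note', 'save_date']);
const ALLOWED_DIRECTIONS = new Set(['ASC', 'DESC']);

// Vulnerable form: request-supplied "select" and "ordering" values are
// spliced into the statement text. Identifiers are not data, so a bound
// parameter cannot protect them; only the item_id value is bound here.
function buildListQueryVulnerable(req) {
  const select = req.select || '*';
  const ordering = req.ordering || 'id';
  const direction = req.direction || 'ASC';
  return `SELECT ${select} FROM ${TABLE} WHERE item_id = ? ORDER BY ${ordering} ${direction}`;
}

// Hardened form: every identifier must match a fixed whitelist exactly
// (no escaping, no regex clean-up), and is then quoted as an identifier.
function buildListQuerySafe(req) {
  const cols = (req.select || 'id,version_note,save_date')
    .split(',').map((s) => s.trim());
  for (const c of cols) {
    if (!ALLOWED_COLUMNS.has(c)) throw new Error(`rejected column: ${c}`);
  }
  const ordering = req.ordering || 'id';
  if (!ALLOWED_COLUMNS.has(ordering)) throw new Error(`rejected ordering: ${ordering}`);
  const direction = (req.direction || 'ASC').toUpperCase();
  if (!ALLOWED_DIRECTIONS.has(direction)) throw new Error(`rejected direction: ${direction}`);
  const quoted = cols.map((c) => '`' + c + '`').join(', ');
  return `SELECT ${quoted} FROM ${TABLE} WHERE item_id = ? ORDER BY \`${ordering}\` ${direction}`;
}

// Constructed attacker request: a UNION smuggled through the column list to
// read rows from an unrelated table, the kind of read the attack chain above
// (session key, then admin session hijack) relies on. Table name hypothetical.
const CONSTRUCTED_ATTACK = {
  select: 'id UNION SELECT session_id FROM sessions',
  ordering: 'id',
};

// Request-side check the model (or a WAF rule in front of it) can apply:
// returns true when the whitelist would reject the request, i.e. when the
// caller is trying to inject through an identifier slot.
function isInjectionAttempt(req) {
  try {
    buildListQuerySafe(req);
    return false;
  } catch (e) {
    return true;
  }
}
```

The vulnerable builder happily emits the UNION, while the hardened builder throws before any SQL is produced. Note that the fix is a whitelist rather than escaping: quoting or stripping characters from an identifier still lets an attacker pick any column or table they can name, which is exactly the capability the session-key extraction above needs.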

Orpani came across several weak links in this code, which could:

Vulnerability in DRUPAL

The popular CMS Drupal has also patched an open redirect vulnerability in the Overlay module of its core project (7.x versions prior to 7.41).

The Overlay module in Drupal core project displays administrative pages as a layer on the current page, rather than replacing the page in the browser window.

However, the module does not sufficiently validate URLs before displaying their contents, which leads to an open redirect vulnerability, according to Drupal’s official blog.

Joomla’s official release announcement:

Joomla! 3.4.5 is now available. This is a security release for the 3.x series of Joomla which addresses a critical security vulnerability. We strongly recommend that you update your sites immediately. This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.4 release.

The Drupal vulnerability affects site users with administrative rights; it can only be exploited against accounts that have the “Access the administrative overlay” permission enabled.

The fix for the open redirect was released in Drupal 7.41; affected sites should upgrade to that version, available from the official Drupal website.

If you were not aware of these vulnerabilities, do not panic: you can fix your CMS now!