Joomla Component AJAX Shoutbox SQL Injection Vulnerability Network Vulnerability

Summary

This host is installed with Joomla! component ajax shoutbox and is prone to sql injection vulnerability.

Impact

Successful exploitation will allow attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application

Solution

Upgrade to Joomla AJAX Shoutbox version 1.7 or later, For updates refer to http://batjo.nl/shoutbox

Insight

The flaw is due to insufficient validation of 'jal_lastID' HTTP GET parameter passed to 'index.php' script.

Affected

Joomla AJAX Shoutbox version 1.6 and probably earlier.

Detection

Send a crafted exploit string via HTTP GET request and check whether it is possible to execute sql query or not.

References

http://extensions.joomla.org/extensions/communication/shoutbox/43
http://packetstormsecurity.com/files/125721/Joomla-AJAX-Shoutbox-SQL-Injection.html
http://secunia.com/advisories/57450
http://www.exploit-db.com/exploits/32331

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat Windows Installer Privilege Escalation Vulnerability
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
ASUS RT56U Router Multiple Vulnerabilities
ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities