Multiple CSRF in Joomla all versions - Complete compromise



[HSC] Multiple CSRF in Joomla all versions - Complete compromise

Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Armando Romeo aka Zinho

Class: CSRF
Remote: Yes
Risk: HIGH

Product: Joomla
Version: All (1.0.13 and 1.5 rc3 tested)
Vendor: http://www.joomla.com
Patch: Joomla 1.5 RC4

"Joomla! is one of the most powerful Open Source Content Management Systems on the planet. It is used all over the world for everything from simple websites to complex corporate applications. Joomla! is easy to install, simple to manage, and reliable"

Joomla is vulnerable to CSRF attacks in all of its released versions, including RC3 of 1.5.

[+] Affected areas

-Users
The attack allows anyone (no privileges needed) to add a new Super Admin just by having a Super Admin visit a URL.

-Extension installation
The attack allows anyone (no privileges needed) to upload an extension from a remote location, thus placing malicious PHP scripts on the server.
Read: PHP shell.

-Global configuration
The attack allows anyone (no privileges needed) to change all aspects of the site's main configuration, including database configuration.

Defacement or complete portal compromise is possible, including access to the database.

[+] Notes

Joomla was contacted on 12/4/2007. A fast and professional response was given. Patched in SVN 4 days later and then in the RC4 release.
Time to face CSRF, community!

[+] Patch

The patch for the above vulnerabilities is included in the RC4 release of Joomla 1.5.
As far as I know, 1.0 has not been fixed, so all the 1.0.x versions are vulnerable and unpatched;
that's why I'm not including a PoC here.