Joomla Component AJAX Shoutbox SQL Injection Vulnerability Network Vulnerability

Summary

This host is installed with Joomla! component ajax shoutbox and is prone to sql injection vulnerability.

Impact

Successful exploitation will allow attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application

Solution

Upgrade to Joomla AJAX Shoutbox version 1.7 or later, For updates refer to http://batjo.nl/shoutbox

Insight

The flaw is due to insufficient validation of 'jal_lastID' HTTP GET parameter passed to 'index.php' script.

Affected

Joomla AJAX Shoutbox version 1.6 and probably earlier.

Detection

Send a crafted exploit string via HTTP GET request and check whether it is possible to execute sql query or not.

References

http://extensions.joomla.org/extensions/communication/shoutbox/43
http://packetstormsecurity.com/files/125721/Joomla-AJAX-Shoutbox-SQL-Injection.html
http://secunia.com/advisories/57450
http://www.exploit-db.com/exploits/32331

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
AVTECH DVR Multiple Vulnerabilities
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
Adobe ColdFusion Information Disclosure Vulnerability
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability

Take action and discover your vulnerabilities