Joomla com_niceajaxpoll SQL Injection Exploits

Summary

Joomla com_niceajaxpoll suffers from SQL injection vulnerability

Credit:

The information has been provided by D4NB4R.


Details

Vulnerable Systems:
 * Joomla com_niceajaxpoll version 1.3.0 and prior

+ — –=[ 0x01 – Software description

Nice Ajax Poll is a component for the Joomla! CMS which allows users to vote on certain questions or statements.

+ — –=[ 0x02 – Vulnerability description

There is a SQL Injection vulnerability that can be called from within the website to perform the SQL Injection attack.

+ — –=[ 0x03 – Impact

The impact of this vulnerability should be rated as critical as it is possible to access the database and therefore retreive user information such as usernames, passwords and other data. When abused, hackers could gain access to the administrative interface of Joomla.

+ — –=[ 0x04 – Affected versions

As of the source code, the version containint this vulnerability was version 1.3.0. It was not proven that the vulnerability does not exist in newer or earlier versions. Therfore the vulnerability is considered available in versions below 1.3.0.

+ — –=[ 0x05 – Vendor contact trail

Contact has not been made with the author. Author will receive a copy of the vulnerability disclosure.

+ — –=[ 0x06 – Proof of Concept (PoC)

In:

/components/com_niceajaxpoll/views/niceajaxpoll/tmpl/default.php

there is a call to:

index.php?option=com_niceajaxpoll&getpliseid=’+id,

which is located on line 32. In practice this vulnerability has been verified by exploiting the following:

/index.php?option=com_niceajaxpoll&getpliseid=1 OR 1=1
,——-
‘- SQLi

Disclosure Timeline:
Published: 2012-08-01

Categories: Exploits