Vigil@nce - Joomla: SQL injection via filter_order
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use the filter_order parameter, in order to inject
SQL fragments generating an error in Joomla.
Severity: 1/4
Creation date: 05/11/2010
DESCRIPTION OF THE VULNERABILITY
The filter_order or filter_order_Dir parameter of Joomla pages is
used to sort results.
However, this parameter is not filtered before being used in a SQL
query. An attacker can therefore inject SQL fragments, which alter
the query, and generate an error. The execution of a full SQL
query was not proved.
An attacker can therefore use the filter_order parameter, in order
to inject SQL fragments generating an error in Joomla. The error
message indicates the full path to the web page.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Joomla-SQL-injection-via-filter-order-10109