Monday, 04 October 2010 00:00
SOBI2's admin panel does not check that its configuration-saving request arrives via POST, nor does it protect the request with a nonce (anti-CSRF token), so the template write can be triggered by a plain GET:
http://[victim]/administrator/index.php?stpl=default&returnTask=editTemplate&task=saveConfig&option=com_sobi2&editing=config&templateContent=[URL-Encoded PHP]
Successful exploitation requires a site administrator to visit a malicious URL while logged in to the backend.
The location of the overwritten file in this case is components/com_sobi2/templates/default/sobi2.details.tmpl.php
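The two missing checks the advisory describes, as an added illustration in plain PHP rather than SOBI2's or Joomla's own code: the save handler refuses anything that is not a POST and refuses any POST that does not carry the nonce stored in the administrator's session. Function names, the `csrf_token` field name, and the fixed template path are assumptions made for this example.

```php
<?php
// Added example, not SOBI2 code: a "saveConfig"-style task handler with the
// request-method check and the session nonce the advisory says are absent.
// Names (csrf_token, save_config_task, $templatePath) are illustrative.

session_start();

// Issue one nonce per session and embed it as a hidden field in the admin form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // PHP 7+
    }
    return $_SESSION['csrf_token'];
}

// True only for a POST whose nonce matches the session's nonce.
// hash_equals() compares in constant time so the token is not leaked by timing.
function csrf_request_is_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // a GET reached through a link or <img src> is rejected outright
    }
    if (empty($session['csrf_token']) || empty($post['csrf_token'])) {
        return false; // no token on either side: treat as forged
    }
    return hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

// Hardened dispatcher: the template file is written only after both checks pass.
function save_config_task(string $method, array $post, array $session, string $templatePath): bool
{
    if (!csrf_request_is_valid($method, $post, $session)) {
        http_response_code(403);
        return false;
    }
    // Only a request the logged-in admin actually submitted gets this far.
    return file_put_contents($templatePath, (string) $post['templateContent']) !== false;
}

// Rendering the editor form: the hidden field is what a cross-site page cannot
// supply, because it cannot read the victim's session token.
echo '<form method="post" action="index.php?option=com_sobi2&task=saveConfig">'
   . '<input type="hidden" name="csrf_token" value="'
   . htmlspecialchars(csrf_token(), ENT_QUOTES) . '">'
   . '<textarea name="templateContent"></textarea>'
   . '<button type="submit">Save</button></form>';

// Dispatch for the current request (constructed call; the fixed path is an assumption).
save_config_task($_SERVER['REQUEST_METHOD'], $_POST, $_SESSION,
    __DIR__ . '/templates/default/sobi2.details.tmpl.php');
```

The POST check alone is not a fix, since an attacker-controlled page can auto-submit a cross-site POST form; the nonce is what actually ties the request to the administrator's session. In a Joomla 1.5 component the same two steps are the framework's token helpers: emit `JHTML::_('form.token')` in the form and guard the task with `JRequest::checkToken() or jexit('Invalid Token');`.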
Timeline
- Vulnerabilities Discovered: 1 October 2010
- Vendor Notified: 1 October 2010
- Vendor Response: 1 October 2010
- Update Available: 4 October 2010
- Disclosure: 4 October 2010
Last Updated on Monday, 04 October 2010 13:22
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.


