Joomla 2.5 XSS SQLi Attack

Discussion in 'Masalah Teknik dan Keamanan' started by alvingiovanno, 6 Mar 2012.

Thread Status:
Not open for further replies.
  1. alvingiovanno

    Joomla Security News

    [20120302] - Core XSS Vulnerability

    Posted: 05 Mar 2012 06:00 AM PST

    Project: Joomla!
    SubProject: All
    Severity: Moderate
    Versions: 2.5.1 and 2.5.0
    Exploit type: XSS Vulnerability
    Reported Date: 2012-February-29
    Fixed Date: 2012-March-05

    Description

    Inadequate filtering leads to XSS vulnerability.

    Affected Installs

    Joomla version 2.5.1 and 2.5.0.

    Solution

    Upgrade to version 2.5.2

    Reported by Phil Purviance

    Contact

    The JSST at the Joomla Security Center.

    [20120301] - Core SQL Injection

    Posted: 05 Mar 2012 06:00 AM PST

    Project: Joomla!
    SubProject: All
    Severity: High
    Versions: 2.5.1, 2.5.0 and 1.7.0 - 1.7.4
    Exploit type: SQL Injection
    Reported Date: 2012-February-29
    Fixed Date: 2012-March-05

    Description

    Inadequate escaping leads to SQL injection vulnerability.

    Affected Installs

    Joomla version 2.5.1, 2.5.0, 1.7.4, and all earlier 1.7.x versions

    Solution

    Upgrade to version 2.5.2

    Reported by Colin Wong

    Contact

    The JSST at the Joomla Security Center.

    Here you go, sirs, I got this email: those using Joomla 1.7 - 2.5 should upgrade quickly so you don't get hit by XSS & SQLi :D

     
  2. slowmotion_99

    Great..... thanks for the info, sir
     
  3. JOGLOMedia

    Thanks for the info, sir.

    Is there an exploit for it yet? :D
     