---------------------------------------------------------------------------------
joomla component com_jinc (newsid) Blind SQL Injection Vulnerability
---------------------------------------------------------------------------------
Author : Chip D3 Bi0s
Group : LatiHackTeam
Email : chipdebios[alt+64]gmail.com
Date : 21 September 2009
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : JINC (Joomla! Integrated Newsletters Component)
version : 0.2
Developer : lhacky
License : GPL type : Non-Commercial
Date Added : 2 September 2009
Demo : http://www.lhacky.org/jextensions/index.php?option=com_content&view=article&id=18:how-to-use&catid=12:jinc-documentation&Itemid=28
Download : http://www.lhacky.org/jextensions/index.php?option=com_content&view=article&id=3&Itemid=15
Description :
JINC (Joomla! Integrated Newsletters Component) is a easy-to-use and administer newsletter component for Joomla!.
Using JINC your website users can auto-subscribe and unsubscribe to newsletters you defined.
JINC includes classical newsletter functionalities
* Newsletter, messages and subscription management.
* TAG substitution inside the messages body.
* User auto-registration with welcome message at subscription time.
* Newsletter Disclaimer.
* HTML and Text Plain messages.
* Massive or personalized messages.
* Reports on message sending.
* Subscription creating user "on the fly".
* Message preview to message creator before sending to the newsletter subscribers
---------------------------------------------------------------------------
I.Blind SQL injection (newsid) Poc/Exploit:
~~~~~~~~~
http://127.0.0.1/[path]/index.php?option=com_jinc&view=messages&newsid=1[blind]
To make, you must be registered
+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++
# milw0rm.com [2009-09-21]