SQL Injection Vulnerability in Joomla Component ja-k2-filter-and-search was Discovered
In the past couple of days, information security experts discovered an SQL injection vulnerability in the Joomla component ja-k2-filter-and-search.
This component is used on many Joomla sites. Using the sqlmap tool, an attacker can gain access to the website's database and extract critical or sensitive data.
This vulnerability has not been detected or published on any international website, and the component developer has not been informed of this critical issue. It is therefore considered a zero-day vulnerability.
Joomla is a popular open-source Content Management System (CMS). It is written in PHP and uses a MySQL database to store content. It runs on a wide variety of platforms, such as Linux, Windows and Mac OS X Server.
Whether a website that uses the Joomla component Ja-K2-Filter-And-Search is affected can be checked with a specific request.
Type the following link into the address bar of the web browser:
http://www.xxx.com/index.php?category_id=(select 1 and row(1,1)>(select floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))&
If an error such as the following is returned, the vulnerability exists:
Since no patch has been released by Joomla, website administrators should keep a close eye on the updates at the official Joomla website and apply the patch as soon as it is published. Sangfor NGAF customers can rest assured that their websites are protected against this vulnerability.
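Because the probe above puts SQL syntax into a parameter that should only ever carry an integer, the web server's access log is where an administrator can spot such probes while waiting for the patch. The following Python script is an added example written for this page; it is not code from the advisory, from Joomla or from the component. It parses constructed Apache-style combined access-log lines, inspects the category_id parameter of each request (the parameter name comes from the advisory), and flags any value that is not a plain integer, distinguishing values that carry SQL markers (select/union, group by, row(), floor(rand()), quote-then-or) from merely malformed ones. A flagged request that drew a 5xx response is marked as a likely database error, which is the symptom the advisory describes for a vulnerable site. The log format, IP addresses, timestamps and paths are constructed sample data.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Apache/nginx "combined" access-log prefix: client, identd, user, timestamp,
# request line, status. Everything after the status code is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Markers of SQL injection probes in a parameter that should only be an integer.
# The advisory's probe uses select/union/row()/floor(rand())/group by.
SQLI_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"\bselect\b",
        r"\bunion\b",
        r"\bgroup\s+by\b",
        r"\brow\s*\(",
        r"\bfloor\s*\(\s*rand\s*\(",
        r"\bsleep\s*\(",
        r"\bbenchmark\s*\(",
        r"['\"]\s*(?:or|and)\b",
        r"--|#|/\*",
    )
]


def classify_category_id(target):
    """Classify the category_id parameter of a request target (path + query).

    Returns (verdict, value) where verdict is one of:
      "absent"    - no category_id parameter in the request
      "ok"        - a plain unsigned integer, the only legitimate shape
      "sqli"      - contains SQL syntax typical of an injection probe
      "malformed" - not an integer, but carries no SQL markers either
    """
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    values = params.get("category_id")
    if not values:
        return "absent", None
    # parse_qs already decoded once; decode again so a double-encoded
    # probe (%2527 -> %27 -> ') is inspected in its final form.
    value = unquote_plus(values[0]).strip()
    if re.fullmatch(r"\d+", value):
        return "ok", value
    if any(p.search(value) for p in SQLI_PATTERNS):
        return "sqli", value
    return "malformed", value


def scan_access_log(lines):
    """Return one finding dict per request whose category_id is not a plain integer."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        verdict, value = classify_category_id(m.group("target"))
        if verdict in ("sqli", "malformed"):
            status = int(m.group("status"))
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "verdict": verdict,
                "value": value,
                "status": status,
                # An error-based probe that works typically surfaces as a server
                # error; a 5xx after an SQL-laden request is the strongest signal.
                "db_error_likely": verdict == "sqli" and status >= 500,
            })
    return findings


# Constructed sample log lines (addresses from RFC 5737 documentation ranges).
# The second line carries the advisory's probe, URL-encoded as a browser would send it.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?category_id=12 HTTP/1.1" 200 5120',
    '203.0.113.10 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?category_id=(select%201%20and%20row(1,1)%3E'
    '(select%20floor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201)) HTTP/1.1" 500 812',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?category_id=12%27%20or%20%271%27%3D%271 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2023:13:56:05 +0000] "GET /index.php?category_id=abc HTTP/1.1" 200 3000',
    '192.0.2.5 - - [10/Oct/2023:13:57:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['verdict']:9} status={f['status']} "
              f"db_error_likely={f['db_error_likely']} category_id={f['value']!r}")
```

Run against a real log, feed the file's lines to scan_access_log and treat any "sqli" finding with db_error_likely set as a confirmed probe against a site that answered with an error; "malformed" findings are usually broken links or scanners and are worth a lower-priority look. The pattern list is deliberately narrow so the check stays cheap and explainable; it is a triage aid for this integer-only parameter, not a replacement for patching the component once a fix is published.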