AbiusX
Aug 29, 2017 · 1 min read

Well, I’m currently an academic researcher, so I included the vulnerability and its PoC in a publication rather than in a blog post. Also, due to the sensitive nature of my work, I should not be developing exploits, even in the form of PoCs :D

But anyway, yeah. Joomla has a method where they supposedly “lex” the SQL query to replace #__ with Joomla’s dynamic table prefix. They “lex” by counting quotations! So if there’s a quotation as data (e.g. “Jack’s Horse”) or if there’s a quotation in a comment (e.g. /* Jack’s horse*/) their lexer will silently fail and allow injection into the query as well as leakage of the dynamic table prefix.

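The quote-counting failure described in the post, as an added example that is not part of the original post and is not Joomla's code: a toy Python model of a replacer that tracks strings only by counting `'`, beside one that skips string literals and comments as whole tokens. The function names, the `jx9_` prefix and both sample queries are constructed assumptions; MySQL `#` comments and backtick identifiers are left out.

```python
PLACEHOLDER = "#__"
PREFIX = "jx9_"  # constructed sample prefix (assumption)

def naive_replace(sql, prefix=PREFIX):
    """Toy model of quote counting: every ' flips the in-string flag."""
    out, in_string, i = [], False, 0
    while i < len(sql):
        if sql[i] == "'":
            in_string = not in_string
        if not in_string and sql.startswith(PLACEHOLDER, i):
            out.append(prefix)
            i += len(PLACEHOLDER)
        else:
            out.append(sql[i])
            i += 1
    return "".join(out)

def aware_replace(sql, prefix=PREFIX):
    """Copy comments and string literals through untouched, replace elsewhere."""
    out, i, n = [], 0, len(sql)
    while i < n:
        ch = sql[i]
        if sql.startswith("/*", i):            # block comment
            end = sql.find("*/", i + 2)
            end = n if end == -1 else end + 2
        elif sql.startswith("--", i):          # line comment
            end = sql.find("\n", i)
            end = n if end == -1 else end
        elif ch in "'\"":                      # string literal, honours \ escapes
            end = i + 1
            while end < n and sql[end] != ch:
                end += 2 if sql[end] == "\\" else 1
            end = min(end + 1, n)
        elif sql.startswith(PLACEHOLDER, i):   # placeholder in real SQL text
            out.append(prefix)
            i += len(PLACEHOLDER)
            continue
        else:
            out.append(ch)
            i += 1
            continue
        out.append(sql[i:end])
        i = end
    return "".join(out)

def diverges(sql, prefix=PREFIX):
    """Regression check: True when quote counting desynchronises on this query."""
    return naive_replace(sql, prefix) != aware_replace(sql, prefix)

# Constructed queries: an apostrophe in a comment, and an escaped one in data.
COMMENT_CASE = "SELECT id /* Jack's horse */ FROM #__users WHERE note = 'see #__ docs'"
DATA_CASE = "SELECT id FROM #__users WHERE name = 'Jack\\'s Horse' AND tag = '#__'"
```

In both constructed cases the naive replacer ends up substituting the prefix inside a string literal, which is how the prefix reaches data; in the comment case it also leaves the real table name unreplaced.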