Skip to content

Instantly share code, notes, and snippets.

@blackcon blackcon/diff.txt

Last active Dec 22, 2019
Embed
What would you like to do?
Security issue: JS-jobs 1.2.7 for joomla
1. Vulnerability
- SQL Injection
2. Product
- JS-jobs Free for joomla
3. Vulnerebility Version
- before v1.2.7
4. Update Version
- v1.2.8
5. Reference URL
- https://www.joomsky.com/products/js-jobs.html
6. Diff code
- vulnerability version(v1.2.7) vs patche version(v1.2.8)
- command
$ diff jsjobs_1.2.7/site/models/customfields.php jsjobs_1.2.8/site/models/customfields.php
169,191c169,192
< function dataForDepandantField( $val , $childfield){
< $db = $this->getDBO();
< $query = "SELECT userfieldparams,fieldtitle FROM `#__js_job_fieldsordering` WHERE field = '".$childfield."'";
< $db->setQuery($query);
< $data = $db->loadObject();
< $decoded_data = json_decode($data->userfieldparams);
< $comboOptions = array();
< $flag = 0;
< foreach ($decoded_data as $key => $value) {
< if($key == $val){
< for ($i=0; $i < count($value) ; $i++) {
< if($flag == 0){
< $comboOptions[] = array('value' => '', 'text' => JText::_('Select').' '.$data->fieldtitle);
< }
< $comboOptions[] = array('value' => $value[$i], 'text' => $value[$i]);
< $flag = 1;
< }
< }
< }
< $html = JHTML::_('select.genericList', $comboOptions , $childfield,'class="inputbox one"', 'value' , 'text' , '');
< return $html;
< }
<
---
> function dataForDepandantField( $val , $childfield){
> $db = $this->getDBO();
> $query = "SELECT userfieldparams,fieldtitle FROM `#__js_job_fieldsordering` WHERE field = '".$childfield."'";
> $db->setQuery($query);
> $data = $db->loadObject();
> $comboOptions = array();
> if(!empty($data) && isset($data->userfieldparams)){
> $decoded_data = json_decode($data->userfieldparams);
> $flag = 0;
> foreach ($decoded_data as $key => $value) {
> if($key == $val && is_array($value)){
> for ($i=0; $i < count($value) ; $i++) {
> if($flag == 0){
> $comboOptions[] = array('value' => '', 'text' => JText::_('Select').' '.$data->fieldtitle);
> }
> $comboOptions[] = array('value' => $value[$i], 'text' => $value[$i]);
> $flag = 1;
> }
> }
> }
> }
> $html = JHTML::_('select.genericList', $comboOptions , $childfield,'class="inputbox one"', 'value' , 'text' , '');
> return $html;
> }
7. Reference URL
: https://www.joomsky.com/products/js-jobs.html
: https://gist.github.com/blackcon/c61771eb8c9f0aeef6f6797f945efa13
@blackcon

This comment has been minimized.

Copy link
Owner Author

blackcon commented Dec 22, 2019

#1 Reference page
001
002

#2 Communication with developer of joomsky
003

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.