Visitors Google Map 1.0.1 remote SQL injection vulnerability

2010.09.14
Credit: Chip D3 Bi0s
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Visitors Google Map Lite 1.0.1 (FREE) (module mod_visitorsgooglemap Remote Sql Injection) ========================================================================================= - Discovered by : Chip D3 Bi0s - Email : chipdebios[at]gmail[dot]com - Group : LatinHackTeam - Date : 2010-09-08 - Where : From Remote ------------------------------------------------------------------------------------- Affected software description Application : Visitors Google Map Lite 1.0.1 (FREE) (module:mod_visitorsgooglemap) Developer : Serdar Gkkus Compatibility : Joomla 1.5 Native License : GPLv2 or later Date Added : Sunday August 29, 2010 01:14:14 Download : http://www.comlantis.com/download/doc_download/2-visitors-google-map-lite-101-free.html I. BACKGROUND This extension tracks visitors of your site in real time and displays their locations in Google Map. It uses three main technologies: - Map API of Google - AJAX - IP geolocation API of IPInfoDB Content of VisitorsGoogeMap Package: This extension contains one Joomla Compoment and two Joomla Modules. com_visitorsgooglemap: This component is responsible for the creation database table during installation and remove it clearly in case of uninstallation. mod_visitorsgooglemap: This module is responsible for the display of Google Map in desired module position in your template and track the visitors of your Joomla page in the map. mod_visitorsgooglemap_agent: This module is responsible for the updating visitors information in the database. II. DESCRIPTION Some sql injecton vulnerabilities exist in mod_visitorsgooglemap module . III. ANALYSIS The bug is in the following files, specifying the lines /mod_visitorsgooglemap/map_data.php [16] [if ($_GET['action'] == 'listpoints') [17] { [18] $lastMarkerID = $_GET['lastMarkerID']; [19] ini_set('default_mimetype','text/xml'); // manchmal notwendig [20] header ('Content-Type: text/xml'); // reicht nicht immer [21] echo '<?xml version="1.0" ?>'; [22] echo '<xmlresponse>'; [23] $database =& JFactory::getDBO(); [24] $query = "SELECT * FROM #__visitorsgooglemap_location where id > $lastMarkerID order by id"; Explanation:As noted in the line [24] $ lastMarkerID nowhere is filtered, which result in a query pede unexpected IV. EXPLOITATION http://site/path/modules/mod_visitorsgooglemap/map_data.php?action=listpoints&lastMarkerID=0{sql} +++++++++++++++++++++++++++++++++++++++ [!] Produced in South America +++++++++++++++++++++++++++++++++++++++


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top