Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Visitors Google Map Lite 1.0.1 Free mod_visitorsgooglemap Module - SQL Injection

🗓️ 09 Sep 2010 00:00:00Reported by Chip d3 bi0sType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 25 Views

SQL Injection in Visitors Google Map Lite 1.0.1 module

Code
Visitors Google Map Lite 1.0.1 (FREE) (module mod_visitorsgooglemap Remote Sql Injection)
=========================================================================================

- Discovered by	: Chip D3 Bi0s
- Email         : chipdebios[at]gmail[dot]com
- Group         : LatinHackTeam
- Date          : 2010-09-08
- Where         : From Remote

-------------------------------------------------------------------------------------
Affected software description

Application     : Visitors Google Map Lite 1.0.1 (FREE) (module:mod_visitorsgooglemap) 
Developer       : Serdar Gökkus
Compatibility   : Joomla 1.5 Native
License         : GPLv2 or later
Date Added      : Sunday August 29, 2010 01:14:14
Download        : http://www.comlantis.com/download/doc_download/2-visitors-google-map-lite-101-free.html

I. BACKGROUND

This extension tracks visitors of your site in real time and displays their
locations in Google Map. It uses three main technologies:

- Map API of Google
- AJAX
- IP geolocation API of IPInfoDB

Content of VisitorsGoogeMap Package:
This extension contains one Joomla Compoment and two Joomla Modules.

com_visitorsgooglemap: This component is responsible for the creation
                       database table during installation and remove 
                       it clearly in case of uninstallation.

mod_visitorsgooglemap: This module is responsible for the display of
                       Google Map in desired module position in your
                       template and track the visitors of your Joomla
                       page in the map.

mod_visitorsgooglemap_agent: This module is responsible for the updating
                             visitors information in the database.

II. DESCRIPTION

Some sql injecton vulnerabilities exist in mod_visitorsgooglemap module .


III. ANALYSIS

The bug is in the following files, specifying the lines

/mod_visitorsgooglemap/map_data.php


[16] [if ($_GET['action'] == 'listpoints') 
[17]		{
[18]			$lastMarkerID = $_GET['lastMarkerID'];
[19]			ini_set('default_mimetype','text/xml'); // manchmal notwendig
[20]			header ('Content-Type: text/xml'); // reicht nicht immer
[21]			echo '<?xml version="1.0" ?>';
[22]			echo '<xmlresponse>';
[23]	    $database =& JFactory::getDBO(); 
[24]	    $query = "SELECT * FROM #__visitorsgooglemap_location where id > $lastMarkerID order by id";

 Explanation:As noted in the line [24] $ lastMarkerID
 nowhere is filtered, which result in a query pede unexpected


IV. EXPLOITATION

http://site/path/modules/mod_visitorsgooglemap/map_data.php?action=listpoints&lastMarkerID=0{sql}




+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 Sep 2010 00:00Current
7.4High risk
Vulners AI Score7.4
visitors google mapsql injectionjoomla
25