Visitors Google Map Lite 1.0.1 mod_visitorsgooglemap SQL Injection

ID 1337DAY-ID-14044
Type zdt
Reporter Chip D3 Bi0s
Modified 2010-09-09T00:00:00


Exploit for php platform in category web applications

Visitors Google Map Lite 1.0.1 mod_visitorsgooglemap SQL Injection

- Discovered by : Chip D3 Bi0s
- Email         : chipdebios[at]gmail[dot]com
- Group         : LatinHackTeam
- Date          : 2010-09-08
- Where         : From Remote
Affected software description
Application     : Visitors Google Map Lite 1.0.1 (FREE) (module:mod_visitorsgooglemap)
Developer       : Serdar Gökkus
Compatibility   : Joomla 1.5 Native
License         : GPLv2 or later
Date Added      : Sunday August 29, 2010 01:14:14
Download        :
This extension tracks visitors of your site in real time and displays their
locations in Google Map. It uses three main technologies:
- Map API of Google
- IP geolocation API of IPInfoDB
Content of VisitorsGoogeMap Package:
This extension contains one Joomla Compoment and two Joomla Modules.
com_visitorsgooglemap: This component is responsible for the creation
                       database table during installation and remove
                       it clearly in case of uninstallation.
mod_visitorsgooglemap: This module is responsible for the display of
                       Google Map in desired module position in your
                       template and track the visitors of your Joomla
                       page in the map.
mod_visitorsgooglemap_agent: This module is responsible for the updating
                             visitors information in the database.
Some sql injecton vulnerabilities exist in mod_visitorsgooglemap module .
The bug is in the following files, specifying the lines
[16] [if ($_GET['action'] == 'listpoints')
[17]        {
[18]            $lastMarkerID = $_GET['lastMarkerID'];
[19]            ini_set('default_mimetype','text/xml'); // manchmal notwendig
[20]            header ('Content-Type: text/xml'); // reicht nicht immer
[21]            echo '<?xml version="1.0" ?>';
[22]            echo '<xmlresponse>';
[23]        $database =& JFactory::getDBO();
[24]        $query = "SELECT * FROM #__visitorsgooglemap_location where id > $lastMarkerID order by id";
 Explanation:As noted in the line [24] $ lastMarkerID
 nowhere is filtered, which result in a query pede unexpected
[!] Produced in South America

# [2018-03-06]  #