Joomla! Component allCineVid 1.0.0 – Blind SQL Injection

• Exploit Database
• 33 阅读

• 作者： Salvatore Fresta
  日期： 2011-01-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/16010/

• http://adv.salvatorefresta.net/allCineVid_Joomla_Component_1.0.0_Blind_SQL_Injection_Vulnerability-18012011.txt
  
  allCineVid Joomla Component 1.0.0 Blind SQL Injection Vulnerability
  
   NameallCineVid
   Vendorhttp://www.joomtraders.com
   Versions Affected 1.0.0
  
   AuthorSalvatore Fresta aka Drosophila
   Website http://www.salvatorefresta.net
   Contact salvatorefresta [at] gmail [dot] com
   Date2011-01-18
  
  X. INDEX
  
   I.ABOUT THE APPLICATION
   II. DESCRIPTION
   III.ANALYSIS
   IV. SAMPLE CODE
   V.FIX
   
  
  I. ABOUT THE APPLICATION
  ________________________
  
  allCineVid is a commercial Joomla's extension.It allows
  you to add videos into your Joomla! websitethroughthe
  use of modules and lightbox windows.
  
  
  II. DESCRIPTION
  _______________
  
  A parameter is not properly sanitisedbeforebeing used
  in SQL queries.
  
  
  III. ANALYSIS
  _____________
  
  Summary:
  
   A) Blind SQL Injection
   
  
  A) Blind SQL Injection
  ______________________
  
  The id parameter is notproperlysanitised before being
  used in SQL queries.This can be exploited to manipulate
  SQL queries by injecting arbitrary SQL code.
  
  
  IV. SAMPLE CODE
  _______________
  
  A) Blind SQL Injection
  
  http://site/path/index.php?option=com_allcinevid&tmpl=component&id=1 and 1=1
  http://site/path/index.php?option=com_allcinevid&tmpl=component&id=1 and 1=0
  
  
  V. FIX
  ______
  
  No fix.