Joomla! Component com_appointinator 1.0.1 – Multiple Vulnerabilities

• Exploit Database
• 14 阅读

• 作者： Salvatore Fresta
  日期： 2010-07-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14488/

• Appointinator 1.0.1 Joomla Component Multiple Remote Vulnerabilities
  
   NameAppointinator
   Vendorhttp://appointinator.chemeia.info
   Versions Affected 1.0.1
  
   AuthorSalvatore Fresta aka Drosophila
   Website http://www.salvatorefresta.net
   Contact salvatorefresta [at] gmail [dot] com
   Date2010-07-27
  
  X. INDEX
  
   I.ABOUT THE APPLICATION
   II. DESCRIPTION
   III.ANALYSIS
   IV. SAMPLE CODE
   V.FIX
   
  
  I. ABOUT THE APPLICATION
  ________________________
  
  Appointinator is a small and convenient component,that
  allowsyouto start appointment pollsforyour
  registered users.
  
  
  II. DESCRIPTION
  _______________
  
  Some parametersare not properly sanitised before being
  used in SQL queries.Thesebugscan be exploited from
  registered users.
  
  
  III. ANALYSIS
  _____________
  
  Summary:
  
   A) SQL Injection
   B) Blind SQL Injection
   
  
  A) SQL Injection
  ________________
  
  The parameteraid passed to app.php when view is set to
  App is not properly sanitised before being used in a SQL
  query.This canbe exploited to manipulate SQL queries
  by injecting arbitrary SQL code.
  
  
  B) Blind SQL Injection
  ______________________
  
  The parameter aid passed to app.php via POST in the vote
  formisnotproperly sanitised before being used in a
  SQL query by the store function. This canbeexploited
  tomanipulateSQLqueriesby injecting arbitrary SQL
  code.
  
  
  IV. SAMPLE CODE
  _______________
  
  A) SQL Injection
  
  http://site/path/index.php?option=com_appointinator&view=App&aid=-1 UNION SELECT 1,CONCAT(username,0x3A,password),3,4,5,6 FROM jos_users
  
  
  V. FIX
  ______
  
  No fix.