65 lines
No EOL
1.2 KiB
Text
65 lines
No EOL
1.2 KiB
Text
JE Auto 1.0 SQL Injection Vulnerability
|
|
|
|
Name JE Auto
|
|
Vendor http://joomlaextensions.co.in/extensions/components/je-auto.html
|
|
Versions Affected 1.0
|
|
|
|
Author Salvatore Fresta aka Drosophila
|
|
Website http://www.salvatorefresta.net
|
|
Contact salvatorefresta [at] gmail [dot] com
|
|
Date 2010-12-09
|
|
|
|
X. INDEX
|
|
|
|
I. ABOUT THE APPLICATION
|
|
II. DESCRIPTION
|
|
III. ANALYSIS
|
|
IV. SAMPLE CODE
|
|
V. FIX
|
|
|
|
|
|
I. ABOUT THE APPLICATION
|
|
________________________
|
|
|
|
JE Auto is a commercial Joomla's component.
|
|
|
|
|
|
II. DESCRIPTION
|
|
_______________
|
|
|
|
A parameter is not properly sanitised before being used
|
|
in a SQL query.
|
|
|
|
|
|
III. ANALYSIS
|
|
_____________
|
|
|
|
Summary:
|
|
|
|
A) SQL Injection
|
|
|
|
|
|
A) SQL Injection
|
|
________________
|
|
|
|
Input passed to "char" parameter is not properly
|
|
sanitised before being used in a SQL query. This can be
|
|
exploited to manipulate SQL queries by injecting
|
|
arbitrary SQL code.
|
|
|
|
Successful exploitation requires that magic_quotes_gpc is
|
|
set to Off.
|
|
|
|
|
|
IV. SAMPLE CODE
|
|
_______________
|
|
|
|
A) SQL Injection
|
|
|
|
http://site/path/index.php?option=com_jeauto&catid=1&item=1&Itemid=3&view=item&char=' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14%23
|
|
|
|
|
|
V. FIX
|
|
______
|
|
|
|
No fix. |