Joomla! allCineVid Component 'id' Parameter SQL Injection Vulnerability

Published: 2012-03-20
Updated: 2012-03-20

Affected systems:
joomtraders allCineVid 1.0
joomtraders allCineVid
Description:
BUGTRAQ  ID: 45840
CVE(CAN) ID: CVE-2011-0511

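The Joomla! allCineVid component adds videos to a Joomla! website.

allCineVid 1.0.0 does not properly filter certain parameter values before using them in SQL queries, which can be exploited to inject arbitrary SQL code.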

<*Source: Salvatore Fresta (drosophilaxxx@gmail.com)
  
  Link: http://osvdb.org/show/osvdb/70489
*>

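Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!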

http://adv.salvatorefresta.net/allCineVid_Joomla_Component_1.0.0_Blind_SQL_Injection_Vulnerability-18012011.txt

allCineVid Joomla Component 1.0.0 Blind SQL Injection Vulnerability

Name              allCineVid
Vendor            http://www.joomtraders.com
Versions Affected 1.0.0

Author            Salvatore Fresta aka Drosophila
Website           http://www.salvatorefresta.net
Contact           salvatorefresta [at] gmail [dot] com
Date              2011-01-18

X. INDEX

I.    ABOUT THE APPLICATION
II.   DESCRIPTION
III.  ANALYSIS
IV.   SAMPLE CODE
V.    FIX
  

I. ABOUT THE APPLICATION
________________________

allCineVid is a commercial Joomla! extension.  It allows
you to add videos into your Joomla! website  through  the
use of modules and lightbox windows.


II. DESCRIPTION
_______________

A parameter is not properly sanitised  before  being used
in SQL queries.


III. ANALYSIS
_____________

Summary:

A) Blind SQL Injection
  

A) Blind SQL Injection
______________________

The id parameter is not  properly  sanitised before being
used in SQL queries.  This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.


IV. SAMPLE CODE
_______________

A) Blind SQL Injection

http://site/path/index.php?option=com_allcinevid&tmpl=component&id=1 and 1=1
http://site/path/index.php?option=com_allcinevid&tmpl=component&id=1 and 1=0


V. FIX
______

No fix.

Recommendation:
Vendor patch:

joomtraders
-----------
The vendor has not yet provided a patch or upgrade. Users of this software should monitor the vendor's home page for the latest version:

http://www.joomtraders.com/allcinevid.html
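
With no vendor patch available, one way to spot probing of this parameter is to scan web server access logs for com_allcinevid requests whose id value is not a plain integer. This is an added example, not part of the original advisory or the vendor's code; the combined log format, the assumption that legitimate id values are plain integers, and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-log-format entry (assumed log format).
# The non-greedy target also copes with servers that log raw spaces.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.+?) HTTP/[\d.]+"')
# Assumption: a legitimate id for this component is a plain decimal integer.
INTEGER_RE = re.compile(r"\A[0-9]+\Z")


def suspicious_id(log_line):
    """Return the offending id value if the line is a com_allcinevid
    request whose id is not a plain integer, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    # parse_qs percent-decodes values and turns '+' into a space.
    query = parse_qs(urlsplit(match.group("target")).query,
                     keep_blank_values=True)
    if "com_allcinevid" not in (v.lower() for v in query.get("option", [])):
        return None
    for value in query.get("id", []):
        if not INTEGER_RE.match(value):
            return value
    return None


def scan(lines):
    """Return (client address, decoded id value) for every flagged line."""
    hits = []
    for line in lines:
        value = suspicious_id(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Mar/2012:10:00:01 +0000] "GET /index.php?option=com_allcinevid&tmpl=component&id=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Mar/2012:10:00:05 +0000] "GET /index.php?option=com_allcinevid&tmpl=component&id=1%20and%201=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Mar/2012:10:00:06 +0000] "GET /index.php?option=com_allcinevid&tmpl=component&id=1+and+1=0 HTTP/1.1" 200 310',
    '203.0.113.4 - - [20/Mar/2012:10:01:00 +0000] "GET /index.php?option=com_content&id=7:news HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent non-integer id: {value!r}")
```

The same integer-only rule can be enforced in front of the site (web server or WAF rule) so that non-numeric id values never reach the component.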

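This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.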