[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Appointinator 1.0.1 Joomla Component Multiple Remote Vulnerabilities



Appointinator 1.0.1 Joomla Component Multiple Remote Vulnerabilities

 Name              Appointinator
 Vendor            http://appointinator.chemeia.info
 Versions Affected 1.0.1

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-07-27

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 

I. ABOUT THE APPLICATION
________________________

Appointinator is a small and convenient component,  that
allows  you  to   start   appointment   polls  for  your
registered users.


II. DESCRIPTION
_______________

Some parameters  are not properly sanitised before being
used in SQL queries.  These  bugs  can be exploited from
registered users.


III. ANALYSIS
_____________

Summary:

 A) SQL Injection
 B) Blind SQL Injection
 

A) SQL Injection
________________

The parameter  aid passed to app.php when view is set to
App is not properly sanitised before being used in a SQL
query.  This can  be exploited to manipulate SQL queries
by injecting arbitrary SQL code.


B) Blind SQL Injection
______________________

The parameter aid passed to app.php via POST in the vote
form  is  not  properly sanitised before being used in a
SQL query by the store function. This can  be  exploited
to  manipulate  SQL  queries  by injecting arbitrary SQL
code.


IV. SAMPLE CODE
_______________

A) SQL Injection

http://site/path/index.php?option=com_appointinator&view=App&aid=-1 UNION SELECT 1,CONCAT(username,0x3A,password),3,4,5,6 FROM jos_users


V. FIX
______

No fix.