allCineVid Joomla Component 1.0.0 Blind SQL Injection Vulnerability
 
 Name              allCineVid
 Vendor            http://www.joomtraders.com
 Versions Affected 1.0.0
 
 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2011-01-18
 
X. INDEX
 
 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
  
 
I. ABOUT THE APPLICATION
________________________
 
allCineVid is a commercial Joomla's extension.  It allows
you to add videos into your Joomla! website  through  the
use of modules and lightbox windows.
 
 
II. DESCRIPTION
_______________
 
A parameter is not properly sanitised  before  being used
in SQL queries.
 
 
III. ANALYSIS
_____________
 
Summary:
 
 A) Blind SQL Injection
  
 
A) Blind SQL Injection
______________________
 
The id parameter is not  properly  sanitised before being
used in SQL queries.  This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
 
 
IV. SAMPLE CODE
_______________
 
A) Blind SQL Injection
 
http://site/path/index.php?option=com_allcinevid&tmpl=component&id=1 and 1=1
http://site/path/index.php?option=com_allcinevid&tmpl=component&id=1 and 1=0
 
 
V. FIX
______
 
No fix.