Joomla astatsPRO Component "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA29008

VERIFY ADVISORY:
http://secunia.com/advisories/29008/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, Cross Site Scripting

WHERE:
From remote

SOFTWARE:
astatsPRO 1.x (component for Joomla)
http://secunia.com/product/17747/

DESCRIPTION:
A vulnerability has been reported in the astatsPRO component for
Joomla, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

Input passed to the "id" parameter in
administrator/components/com_astatspro/includes/count_dl_or_link.inc.php
through administrator/components/com_astatspro/refer.php or
administrator/components/com_astatspro/getfile.php is not properly
sanitised before being used in SQL queries. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

NOTE: Certain parts of the SQL query, including the unsanitised "id"
input, are returned to the user without being HTML-encoded. This can
further be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
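The two flaws above, modelled as an added example that is not the
component's own code: the real astatsPRO query, table layout and PHP
source are not reproduced here, so the hit-counter table, the column
names and the PHP-style string interpolation are assumptions. The
example uses Python with an in-memory SQLite database so it runs
offline; the pattern is the same one a PHP/MySQL component would have.
count_hit_vulnerable() concatenates the raw "id" into an UPDATE, so an
"id" of "1 OR 1=1" bumps every row (manipulation of data);
count_hit_hardened() casts to int and binds the value. render_error()
shows the fix for the second issue: HTML-encode any query text echoed
back to the user.

```python
import html
import sqlite3


def make_db():
    # Constructed sample table: a per-item download counter. The real
    # astatsPRO schema is not known here; this is an assumption.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE hits (id INTEGER PRIMARY KEY, url TEXT, count INTEGER)"
    )
    conn.executemany(
        "INSERT INTO hits VALUES (?, ?, ?)",
        [(1, "/files/a.zip", 10), (2, "/files/b.zip", 20), (3, "/files/c.zip", 30)],
    )
    conn.commit()
    return conn


def counts(conn):
    """Current counter values ordered by id (used to observe the effect)."""
    return [row[0] for row in conn.execute("SELECT count FROM hits ORDER BY id")]


def count_hit_vulnerable(conn, raw_id):
    """Flawed pattern: the untrusted "id" is interpolated straight into SQL.

    "1"          -> UPDATE ... WHERE id = 1          (one row)
    "1 OR 1=1"   -> UPDATE ... WHERE id = 1 OR 1=1   (every row)
    Returns the SQL actually executed so the injection is visible.
    """
    sql = f"UPDATE hits SET count = count + 1 WHERE id = {raw_id}"
    conn.execute(sql)
    conn.commit()
    return sql


def count_hit_hardened(conn, raw_id):
    """Fixed pattern: coerce to int (the Joomla equivalent would be
    JRequest::getInt) and pass the value as a bound parameter, so the
    input can never change the query's structure."""
    try:
        item_id = int(raw_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    conn.execute("UPDATE hits SET count = count + 1 WHERE id = ?", (item_id,))
    conn.commit()
    return item_id


def render_error_vulnerable(sql_fragment):
    """Echoing query text verbatim: the injected input lands in the page
    unencoded, which is the XSS the advisory's NOTE describes."""
    return "<p>Query failed: " + sql_fragment + "</p>"


def render_error(sql_fragment):
    """Same message with the fragment HTML-encoded before output."""
    return "<p>Query failed: " + html.escape(sql_fragment, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print(count_hit_vulnerable(db, "1 OR 1=1"), counts(db))
    db = make_db()
    count_hit_hardened(db, "1")
    print(counts(db))
    print(render_error("<script>alert(1)</script>"))
```

The hardened version rejects anything that is not an integer outright;
for a numeric key that is the right choice, since there is no
legitimate reason for "id" to carry quotes, spaces or SQL keywords.
Where a parameter is genuinely free text, the bound parameter alone
stops the injection and the output encoding alone stops the XSS, but
the two fixes address different sinks and both are needed here.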

The vulnerability is reported in version 1.0.1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised, for
example by casting the "id" parameter to an integer (or binding it as a
query parameter) before it reaches the SQL query, and by HTML-encoding
any query text that is echoed back to the user.

PROVIDED AND/OR DISCOVERED BY:
ka0x

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/5138
