Vendor: JoomShopping
By: Mormoroth
CVSS: 8.8 (HIGH)
Blind SQL Injection
CWE: 89
Product Name: JoomShopping
Affected Version From: All
Affected Version To: All
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2015
JoomShopping Blind SQL Injection
A blind SQL injection vulnerability exists in JoomShopping. The 'id' parameter of the 'settings.php' script is not properly validated, so an attacker who sends a specially crafted HTTP request with a malicious 'id' value can execute arbitrary SQL commands on the underlying database. This can result in the manipulation of data, disclosure of sensitive information, and other malicious activities.
Mitigation:
Input validation should be performed on all user-supplied data to prevent Blind SQL Injection attacks. Additionally, the application should use parameterized queries to prevent SQL injection attacks.
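The two mitigations above, combined for an integer 'id' parameter, as an added example that is not JoomShopping's code. The `settings` table, its columns, the function names and the sample inputs are hypothetical, and PDO with an in-memory SQLite database stands in for the application's real database layer.

```php
<?php
declare(strict_types=1);

// Constructed sample data; the schema is an assumption, not the extension's.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE settings (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO settings (id, name) VALUES (1, 'currency'), (2, 'tax')");
    return $pdo;
}

// Input validation: accept only a positive integer, reject everything else.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (id[]=...) and missing values are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Parameterized query: the int type hint forces callers through parse_id(),
// and the bound value is sent as data, never spliced into the SQL text.
// The pattern to avoid is string concatenation: "... WHERE id = " . $rawId
function find_setting(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM settings WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = demo_db();
// Constructed request values: two valid ids, three malformed ones, one unknown id.
foreach (['1', '2', '1 AND 1=1', "1'", '', '99'] as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        $result = 'rejected (invalid id)';
    } else {
        $row = find_setting($pdo, $id);
        $result = $row === null ? 'not found' : $row['name'];
    }
    printf("%-12s => %s\n", var_export($raw, true), $result);
}
```

Rejected values should produce the same generic error response as any other bad request, so the response gives no signal about how the query evaluated.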