Joomla Multi-Venue Restaurant Menu Manager SQL Injection

`# Exploit Title: Joomla Component Multi-Venue Restaurant Menu Manager SQL Injection Vulnerability  
# Date: 11.04.2010  
# Author: Valentin  
# Category: webapps/0day  
# Version:   
# Tested on:   
# CVE :   
# Code :   
  
:: General information  
:: Joomla Component Multi-Venue Restaurant Menu Manager SQL Injection Vulnerability  
:: by Valentin Hoebel  
:: [email protected]  
  
:: Product information  
:: Name = Multi-Venue Restaurant Menu Manager (MVRMM)  
:: Vendor = Focusplus Developments Ltd.  
:: Vendor Website = http://www.focusdev.co.uk/  
:: Affected versions = 1.5.2 Stable Update 3 and all previous versions  
  
:: SQL Injection Vulnerability  
Vulnerable Parameter  
"mid"  
  
Vulnerable URL  
http://some-cool-domain.tld/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=XX&mid=XX&Itemid=XX  
  
:: Additional information  
Exploitation can be a little bit tricky.  
  
:: Misc  
Greetz && Thanks to the inj3ct0r team, Exploit DB, hack0wn and ExpBase!  
`