RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability

Name               RedShop
Vendor             http://redweb.dk
Versions Affected  1.0.23.1

Author             Salvatore Fresta aka Drosophila
Website            http://www.salvatorefresta.net
Contact            salvatorefresta [at] gmail [dot] com
Date               2010-07-13

X. INDEX

I.   ABOUT THE APPLICATION
II.  DESCRIPTION
III. ANALYSIS
IV.  SAMPLE CODE
V.   FIX

I. ABOUT THE APPLICATION
________________________

RedShop is a popular commercial Joomla component. It is a Content Creation Kit style webshop / webshop tool that gives users the most access ever given to any user to completely style and change their webshop, without much more knowledge than HTML and a bit of CSS.

II. DESCRIPTION
_______________

A parameter in the search form is not properly sanitised before being used in a SQL query.

III. ANALYSIS
_____________

Summary:

A) Blind SQL Injection

A) Blind SQL Injection
______________________

The parameters viewform and id are not properly sanitised. The parameter keyword is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

IV. SAMPLE CODE
_______________

A) Blind SQL Injection

Copy and paste the following lines in the search form:

' AND (SELECT(IF(ASCII(0x41) = 64,false,NULL))) OR '
' AND (SELECT(IF(ASCII(0x41) = 65,true,NULL))) OR '

V. FIX
______

No fix.
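Since no vendor fix is listed, the practical defence is to spot the boolean-based probing pattern above in web server logs. The following detector is an added example and not part of the advisory; it assumes the search form submits via GET (or that a proxy logs request bodies), and the component path, parameter names and log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Signature of the oracle used in the advisory: a quote closing the string
# literal, AND/OR, then SELECT(IF(...)).
ORACLE_RE = re.compile(
    r"""['"]\s*(?:AND|OR)\s*\(*\s*SELECT\s*\(*\s*IF\s*\(""", re.IGNORECASE)
# Broader variant: quote + AND/OR followed by a typical blind-SQLi function.
FUNC_RE = re.compile(
    r"""['"]\s*(?:AND|OR)\b.*?\b(?:ASCII|SUBSTRING|BENCHMARK|SLEEP)\s*\(""",
    re.IGNORECASE | re.DOTALL)
# Common Log Format; only the fields needed here are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def suspicious_params(target):
    """Return {param: decoded value} for query parameters carrying the pattern."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return {name: v for name, values in query.items() for v in values
            if ORACLE_RE.search(v) or FUNC_RE.search(v)}

def scan_log(lines):
    """Return (ip, path, params) for each request whose query string matches."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m["target"])
        if hits:
            findings.append((m["ip"], urlsplit(m["target"]).path, hits))
    return findings

def probe_counts(findings):
    """Matches per source IP: a blind oracle needs many probes, so volume matters."""
    counts = {}
    for ip, _path, _hits in findings:
        counts[ip] = counts.get(ip, 0) + 1
    return counts

# Constructed sample log lines (not from the advisory); the keyword values are
# the advisory's two probes, URL-encoded. com_EXAMPLE is a placeholder path.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Jul/2010:10:01:02 +0000] "GET /index.php?option=com_EXAMPLE&view=search&keyword=%27+AND+%28SELECT%28IF%28ASCII%280x41%29+%3D+64%2Cfalse%2CNULL%29%29%29+OR+%27 HTTP/1.1" 200 512',
    '203.0.113.5 - - [13/Jul/2010:10:01:03 +0000] "GET /index.php?option=com_EXAMPLE&view=search&keyword=%27+AND+%28SELECT%28IF%28ASCII%280x41%29+%3D+65%2Ctrue%2CNULL%29%29%29+OR+%27 HTTP/1.1" 200 7310',
    '198.51.100.7 - - [13/Jul/2010:10:02:00 +0000] "GET /index.php?option=com_EXAMPLE&view=search&keyword=red+shoes HTTP/1.1" 200 7310',
]

if __name__ == "__main__":
    for ip, path, hits in scan_log(SAMPLE_LOG):
        print(ip, path, hits)
```

A sharp swing in response size between consecutive true/false probes from one IP (512 vs 7310 bytes above) is the second indicator worth alerting on.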