Joomla! Component Multi-Venue Restaurant Menu Manager 1.5.2 – SQL Injection

  • Author: Valentin
    Date: 2010-04-11
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12159/
  • # Exploit Title: Joomla Component Multi-Venue Restaurant Menu Manager SQL Injection Vulnerability
    # Date: 11.04.2010
    # Author: Valentin
    # Category: webapps/0day
    # Version: 
    # Tested on: 
    # CVE :
    # Code : 
    
    :: General information
    :: Joomla Component Multi-Venue Restaurant Menu Manager SQL Injection Vulnerability
    :: by Valentin Hoebel
    :: valentin@xenuser.org
    
    :: Product information
    :: Name = Multi-Venue Restaurant Menu Manager (MVRMM)
    :: Vendor = Focusplus Developments Ltd.
    :: Vendor Website = http://www.focusdev.co.uk/
    :: Affected versions = 1.5.2 Stable Update 3 and all previous versions
    
    :: SQL Injection Vulnerability
    Vulnerable Parameter
    "mid"
    
    Vulnerable URL
    http://some-cool-domain.tld/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=XX&mid=XX&Itemid=XX
    
    :: Additional information
    Exploitation can be a little bit tricky.
    
    :: Misc
    Greetz && Thanks to the inj3ct0r team, Exploit DB, hack0wn and ExpBase!
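
A defender-side check for the request described above, added here as an example (it is not part of the original advisory or the vendor's code): it scans web-server access logs for requests to `com_mv_restaurantmenumanager` whose `mid` value is not a plain integer. That legitimate `mid` values are integer ids, the combined log format, and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

COMPONENT = "com_mv_restaurantmenumanager"  # option value from the advisory URL
WATCHED = ("mid",)                          # parameter the advisory names as vulnerable
INT_RE = re.compile(r"[0-9]{1,10}")         # assumption: a legitimate mid is an integer id
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return {param: value} for watched params that are not plain integers."""
    query = urlsplit(request_target).query
    # parse_qs percent-decodes once; keep_blank_values so an empty "mid=" is seen
    params = parse_qs(query, keep_blank_values=True)
    if COMPONENT not in params.get("option", []):
        return {}
    bad = {}
    for name in WATCHED:
        for value in params.get(name, []):
            if not INT_RE.fullmatch(value):
                bad[name] = value
    return bad

def scan(lines):
    """Yield (line_number, client_ip, findings) for each flagged log line."""
    for n, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        findings = suspicious_params(m.group(1))
        if findings:
            yield n, line.split(" ", 1)[0], findings

# Constructed sample lines (combined log format), not from a real server.
BASE = "/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1"
SAMPLE = [
    f'203.0.113.5 - - [11/Apr/2010:10:00:01 +0000] "GET {BASE}&mid=4&Itemid=12 HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [11/Apr/2010:10:00:09 +0000] "GET {BASE}&mid=4%27&Itemid=12 HTTP/1.1" 500 312',
    '198.51.100.7 - - [11/Apr/2010:10:00:12 +0000] "GET /index.php?option=com_content&id=3%27 HTTP/1.1" 200 901',
    f'192.0.2.9 - - [11/Apr/2010:10:01:30 +0000] "GET {BASE}&mid=&Itemid=12 HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for lineno, ip, findings in scan(SAMPLE):
        print(f"line {lineno}: {ip} sent non-integer value(s) {findings}")
```

The same integer-only rule, enforced in the component's input handling or at a WAF in front of it, is the corresponding mitigation until a fixed version is installed.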