lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <AANLkTime4yiAuAopsPMihUS0y6_Vs_zVogJJUovT9Nn4@mail.gmail.com>
Date: Mon, 31 Jan 2011 10:35:15 +0100
From: Andrea Fabrizi <andrea.fabrizi@...il.com>
To: bugtraq@...urityfocus.com, webappsec@...urityfocus.com
Subject: VirtueMart eCommerce for Joomla <= 1.1.6 Blind SQL Injection

**************************************************************
Application: VirtueMart
Version affected: <= 1.1.6
Website: http://www.virtuemart.net/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi@...il.com
Web: http://www.andreafabrizi.it
Vuln: Blind SQL Injection
**************************************************************

Blind SQL Injection found in "search_category" parameter.

Example:
http://127.0.0.1/index.php?category_id=&page=shop.browse&option=com_virtuemart&Itemid=1&keyword1=hand&search_op=and&keyword2=&search_limiter=anywhere&search=Search&search_category=3
AND $BLIND_SQL --

EXPLOIT: http://www.andreafabrizi.it/download.php?file=virtuemart_sql_exploit.sh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ