
RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability

2010-07-18 00:00:00
vulners.com


Name RedShop
Vendor http://redweb.dk
Versions Affected 1.0.23.1

Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-07-13

X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX

I. ABOUT THE APPLICATION


RedShop is a popular commercial Joomla component.
It is a Content Creation Kit style of webshop / webshop
tool that gives users the most access ever offered
to completely style and change their webshop,
without much more knowledge than HTML and a bit of CSS.

II. DESCRIPTION


A parameter in the search form is not properly sanitised
before being used in a SQL query.

III. ANALYSIS


Summary:

A) Blind SQL Injection

A) Blind SQL Injection


The parameter keyword is not properly sanitised before
being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc"
is disabled.
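The following is an added illustration, not code from the RedShop component: it shows the general pattern the analysis describes (a request parameter concatenated straight into a LIKE query, protected only by magic_quotes_gpc) beside a hardened form that binds the keyword as data. The table name, column names and the mysqli API usage are assumptions for the example; the real component's query is not reproduced on this page.

```php
<?php
// Added example (not RedShop's own code). Table/column names are assumed.

// VULNERABLE PATTERN: the raw keyword is spliced into the SQL string.
// With magic_quotes_gpc disabled, a single quote in $keyword terminates
// the string literal and the remainder is parsed as SQL.
function search_products_vulnerable(mysqli $db, string $keyword): array
{
    $sql = "SELECT product_id, product_name FROM jos_redshop_product "
         . "WHERE product_name LIKE '%" . $keyword . "%'";
    $result = $db->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// HARDENED: a prepared statement keeps the keyword as a bound value, so the
// server never parses it as SQL, whatever the magic_quotes_gpc setting.
// LIKE metacharacters (% _ \) are escaped so a user cannot widen the match.
function search_products_safe(mysqli $db, string $keyword): array
{
    $stmt = $db->prepare(
        "SELECT product_id, product_name FROM jos_redshop_product "
      . "WHERE product_name LIKE ?"
    );
    $pattern = '%' . addcslashes($keyword, '%_\\') . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result needs mysqlnd
}

// Usage (assumed connection details):
// $db = new mysqli('localhost', 'user', 'pass', 'joomla');
// $rows = search_products_safe($db, $_GET['keyword'] ?? '');
```

The key point for a defender is that relying on magic_quotes_gpc (the condition the advisory names) is not a fix: it was removed in PHP 5.4 and can be disabled per host, whereas a bound parameter is safe regardless of server configuration.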

IV. SAMPLE CODE


A) Blind SQL Injection

Copy and paste the following lines into the search form:

' AND (SELECT(IF(ASCII(0x41) = 64,false,NULL))) OR '
' AND (SELECT(IF(ASCII(0x41) = 65,true,NULL))) OR '

V. FIX


No fix.