32 lines
1.4 KiB
YAML
32 lines
1.4 KiB
YAML
id: joomla-marvikshop-sqli
|
|
|
|
info:
|
|
name: Joomla MarvikShop ShoppingCart 3.4 - Sql Injection
|
|
author: r3Y3r53
|
|
severity: high
|
|
description: |
|
|
Joomla MarvikShop ShoppingCart 3.4 is vulnerable to SQL injection which is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.
|
|
reference:
|
|
- https://vulners.com/zdt/1337DAY-ID-38020
|
|
- https://cxsecurity.com/issue/WLB-2022100015
|
|
- https://extensions.joomla.org/
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
tags: joomla,marvikshop,sqli,unauth
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=%27"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains(body, "You have an error in your SQL syntax") && contains(body, "manufacturers_id") && contains(body, "products_price")'
|
|
- 'contains(content_type, "text/html")'
|
|
- 'status_code == 200'
|
|
condition: and
|
|
|
|
# digest: 4a0a00473045022100a3a76116b010421d53b19b5eecf9c3827b8155ef3f08e8956b2ea16266c6d99402205d8a9043b3eb5deb270495437a7a242c91ee13f07ca51c5a2e556826dcf51f92:922c64590222798bb761d5b6d8e72950
|