J2Store v3.1.6, a Joomla! extension that adds basic store functionality to a Joomla! instance, suffered from two unauthenticated boolean-blind and error-based SQL injection vulnerabilities. Since February 2015, J2Store has had about 16,000 downloads as of this writing. The first vulnerability was in the sortby parameter within a request made while searching for products. POST /index.php HTTP/1.1 Host: 192.168.1.3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 124 search=&sortby=product_name+DESC&option=com_j2store&view=products&task=browse&Itemid=115 The second vulnerability was in an advanced search multipart form request, within the manufacturer_ids parameters. POST /index.php HTTP/1.1 Host: 192.168.1.3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Content-Type: multipart/form-data; boundary
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment