------------------------------------------------------------ Joomla! VirtueMart component <= 2.0.22a - SQL Injection ------------------------------------------------------------ ==概述== - 下载地址: http://HdhCmsTestvirtuemart.net/ - 影响版本: All versions between 2.0.8 and 2.0.22a are vulnerable. - 漏洞 发现: Matias Fontanini == 缺陷 == The vulnerability is located in the "user" controller, "removeAddressST" task. The "virtuemart_userinfo_id" parameter is not properly sanitized before being used in the "DELETE" query performed in it, allowing the execution of arbitrary SQL queries. In order to exploit the vulnerability, an attacker must be authenticated as a customer in the application. However, since the system allows free account registration, this is not a problem. == 测试证明 == The following example URL uses the MySQL "sleep" function through the injection: http://example测试数据/index.php?option=com_virtuemart&view=user&task=removeAddressST&virtuemart_userinfo_id=16%22%20and%20sleep(10)%20and%20%22%22%3D%22 == 解决方案 == 升级到新版 2.0.22b
查看更多关于Joomla!组件VirtueMart 2.0.22a SQL Injection - 网站安全的详细内容...