Platform: Joomla component JooCart 2.x
- Cross site scripting
- Cross site request forgery
Proof of concept:
http://targetsite/index.php?option=com_opencart&route=product/product&product_id=1001' AND 6552=6552 AND 'dCgx'='dCgx&tid=c4333ccdc8b2dced3f6e72511cd8a76f
What can an attacker do with the attack?
Joomla websites running the JooCart 2.x component are vulnerable to SQL injection. The vulnerability exists because the product_id variable is not validated and is used unsanitised in a database query. This allows an unauthenticated user to execute arbitrary SQL commands via the product_id parameter.
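The root cause described above, shown next to a hardened lookup. This is an added example, not JooCart's own code: the table, columns and function names are hypothetical, PDO with in-memory SQLite stands in for Joomla's database layer, and it assumes product_id is placed inside a quoted string literal, as the shape of the proof-of-concept value suggests.

```php
<?php
// Added illustration; not JooCart code. Table, columns and function names are hypothetical.
// PDO with in-memory SQLite is used so the example runs offline.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE product (product_id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO product VALUES (1001, 'Sample product')"); // constructed row

// Vulnerable pattern: the request value is concatenated into the SQL text.
function findProductUnsafe(PDO $db, string $productId): array
{
    $sql = "SELECT product_id, name FROM product WHERE product_id = '" . $productId . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: accept only a positive integer, then bind it as a typed parameter.
function findProductSafe(PDO $db, string $productId): array
{
    $id = filter_var($productId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('product_id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT product_id, name FROM product WHERE product_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// product_id value taken from the proof-of-concept URL on this page.
$payload = "1001' AND 6552=6552 AND 'dCgx'='dCgx";

// Unsafe: the quote closes the string literal and the rest is parsed as SQL conditions.
printf("unsafe rows: %d\n", count(findProductUnsafe($db, $payload)));

// Safe: the same value is rejected before any query is built.
try {
    findProductSafe($db, $payload);
} catch (InvalidArgumentException $e) {
    printf("safe: rejected (%s)\n", $e->getMessage());
}

// Safe: a legitimate id still resolves.
printf("safe rows for 1001: %d\n", count(findProductSafe($db, '1001')));
```

The integer check matters in addition to binding: some databases coerce a bound string with a numeric prefix to a number, so binding alone can still match a row for malformed input.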
Can Centrora detect the attack?
Yes, Centrora can detect this attack under the category of SQL injection.
The following are the contents of the attack that are detected by Centrora.