Centrora Blog


Platform: Joomla component JooCart 2.x

Attack Type:

  • Cross site scripting
  • Cross site request forgery

Source: https://www.exploit-db.com/exploits/41641/

Proof of concept:

http://targetsite/index.php?option=com_opencart&route=product/product&product_id=1001' AND 6552=6552 AND 'dCgx'='dCgx&tid=c4333ccdc8b2dced3f6e72511cd8a76f

What can an attacker do with the attack?

Joomla websites running the component JooCart 2.x are vulnerable to SQL injection. The vulnerability exists because the product_id variable is not validated and is used in the database query without sanitising. This allows an unauthenticated user to execute arbitrary SQL commands via the product_id parameter.
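The flaw described above and its fix, as an added example that is not JooCart's code. It assumes a constructed SQLite table in place of the Joomla database; the table, column layout and function names are hypothetical, and the product_id value is the one from the proof of concept above.

```python
import sqlite3

# product_id value taken from the proof-of-concept URL above.
POC_PRODUCT_ID = "1001' AND 6552=6552 AND 'dCgx'='dCgx"


def make_db():
    """Constructed in-memory catalogue standing in for the shop's product table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (product_id INTEGER, name TEXT)")
    db.execute("INSERT INTO product VALUES (1001, 'Sample product')")
    return db


def lookup_vulnerable(db, product_id):
    """The flaw: the request value is pasted straight into the SQL text."""
    sql = "SELECT name FROM product WHERE product_id = '" + product_id + "'"
    return db.execute(sql).fetchone()


def parse_product_id(raw):
    """Validation: a product id is a short run of ASCII digits, nothing else."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 10):
        raise ValueError("product_id must be a positive integer")
    return int(raw)


def lookup_bound(db, product_id):
    """Parameter binding: the value travels as data and is never parsed as SQL."""
    return db.execute(
        "SELECT name FROM product WHERE product_id = ?", (product_id,)
    ).fetchone()


def lookup_hardened(db, raw):
    """Validate first, then bind the resulting integer."""
    return lookup_bound(db, parse_product_id(raw))


if __name__ == "__main__":
    db = make_db()
    # The quote in the value closes the string literal, so the rest runs as SQL.
    print("vulnerable:", lookup_vulnerable(db, POC_PRODUCT_ID))
    # Bound as a parameter, the same value is just a string that matches no id.
    print("bound only:", lookup_bound(db, POC_PRODUCT_ID))
    try:
        lookup_hardened(db, POC_PRODUCT_ID)
    except ValueError as exc:
        print("hardened  :", exc)
```

With concatenation the query still returns the product row, which shows the text after the quote was evaluated as SQL conditions; with binding the same value matches nothing, and validation rejects it before any query runs.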

Can Centrora detect the attack?

Yes, Centrora can detect this attack under the category of SQL injection.

The following are the contents of the attack that are detected by Centrora.