Centrora Blog

Software updates, research updates and latest news will be shared here.

Platform: Joomla component Jcart for opencart 2.0

Attack Type:

  • Cross site scripting
  • Cross site request forgery

Source: https://www.exploit-db.com/exploits/41642/

Proof of concept:

http://targetsite/index.php?option=com_jcart&route=product/product&product_id=1001' AND 6552=6552 AND 'dCgx'='dCgx&tid=c4333ccdc8b2dced3f6e72511cd8a76f

What can an attacker do with the attack?

Joomla websites with the component Jcart for opencart 2.0 is vulnerable to the SQL injection attack. This vulnerability exists because the variable product_id is not validated and used without sanitising in the database query. This allows an unauthenticated user to execute arbitrary SQL commands via the parameters product_id.

Can centrora detect the attack?

Yes, centrora can detect this attacks under the category of SQL injection.

Following are the contents of attack that are detected by the centrora.