Test method:
The Program (method) provided on this site may be offensive and only used for security research and teaching. You are at your own risk! # Exploit Title: Joomla Component Multi-Venue Restaurant Menu Manager SQL Injection Vulnerability
# Date: 11.04.2010
# Author: Valentin
# Category: webapps/0day
# Version:
# Tested on:
# CVE:
# Code:
: General information
: Joomla Component Multi-Venue Restaurant Menu Manager SQL Injection Vulnerability
: By Valentin Hoebel
: Valentin@xenuser.org
: Product information
: Name = Multi-Venue Restaurant Menu Manager (MVRMM)
: Vendor = Focusplus Developments Ltd.
: Vendor Website = http://www.focusdev.co.uk/
: Affected versions = 1.5.2 Stable Update 3 and all previous versions
: SQL Injection Vulnerability
Vulnerable Parameter
"Mid"
Vulnerable URL
Http://some-cool-domain.tld/index.php? Option = com_mv_restaurantmenumanager & task = menu_display & Venue = XX & mid = XX & Itemid = XX
: Additional information
Exploitation can be a little bit tricky.
: Misc
Greetz & Thanks to the inj3ct0r team, Exploit DB, hack0wn and ExpBase! //