Tuesday, September 20, 2011

Joomla Plugin Exploit + PHP Malware

Garden Store runs a vulnerable version (1.1.7) of VirtueMart (a Joomla plugin), and through a blind SQL injection we can retrieve the administrator credentials.

We edit the main template and place in its footer tag a simple, properly obfuscated piece of code to capture users' credit card data.
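A defender-side check for the template tampering described above, added here as an example and not code from the original post: it compares the PHP files under a template directory against a known-good SHA-256 baseline and flags common obfuscation markers. The marker patterns, the directory layout and the sample files are assumptions constructed for the demo.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed heuristics (not from the post): an eval-style call wrapping a decoder,
# and long base64-like runs that obfuscators tend to leave behind.
EVAL_DECODER = re.compile(
    rb"(eval|assert|create_function)\s*\(\s*"
    rb"(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
LONG_BLOB = re.compile(rb"[A-Za-z0-9+/=]{200,}")

def snapshot(root):
    """Map each PHP file under root (relative path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*.php"))}

def audit(root, baseline):
    """Return (path, reason) findings versus a known-good baseline."""
    findings, current = [], snapshot(root)
    for rel, digest in current.items():
        if rel not in baseline:
            findings.append((rel, "new file"))
        elif baseline[rel] != digest:
            findings.append((rel, "modified"))
        data = (Path(root) / rel).read_bytes()
        if EVAL_DECODER.search(data):
            findings.append((rel, "eval of decoder"))
        if LONG_BLOB.search(data):
            findings.append((rel, "long encoded blob"))
    findings += [(rel, "missing") for rel in baseline if rel not in current]
    return findings

def demo():
    """Constructed sample: baseline a template, tamper with its footer, audit."""
    with tempfile.TemporaryDirectory() as d:
        tpl = Path(d) / "templates" / "example"   # hypothetical layout
        tpl.mkdir(parents=True)
        index = tpl / "index.php"
        index.write_bytes(b'<div id="footer">Garden Store</div>\n')
        baseline = snapshot(d)                    # taken while known-good
        # Harmless stand-in for an injected snippet; decodes to: echo '';
        injected = b"<?php eval(base64_decode('ZWNobyAnJzs=')); ?>"
        index.write_bytes(index.read_bytes() + injected)
        return audit(d, baseline)

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

The baseline only has value if it is taken from a known-good install and stored where the web server account cannot rewrite it.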



References:
- VirtueMart exploit found by TecR0c & mr_me
- Joomla hash cracker
- PHP obfuscator
- dopost source code
- getcc source code

4 comments:

  1. Great… It's working… Really good… It's very useful for the topic. Keep writing some more interesting topics like a Joomla Developer

  2. Very interesting read. I have a lot of work and learning to do. Thanks!
    Joomla Developer
