Garden Store has a vulnerable version (1.1.7) of virtuemart (Joomla plugin) and through a blind sql injection we can retrieve administrator credentials.
We edit the main template and place into the footer tag a simple piece of code properly obfuscated to get user's credit cards data.
- virtuemart exploit found by TecR0c & mr_me
- joomla hash cracker
- php obfuscator
- dopost source code
- getcc source code