Joomla YouBumpit 2.0 SQL Injection
Posted on 29 December 2017
################################################ #Title: Joomla YouBumpit Extension 2.0 SQL Injection #Credit: Bilal KARDADOU #Vendor: http://www.youjoomla.com #URL: http://extensions.youjoomla.info/youbumpit-extension.html #Product: 'Joomla YouBumpit Extension 2.0' #Extension type: Plugin #Compatibility: J1.5 J1.7 J2.5 J3.X #Google Dork: inurl:"/plugins/content/yj_bumpit/" ################################################ # # Description: # Bump Bump and bump some more! How many times have you wished to have extensions that can let your users vote for articles. # Stop your search and get your own Youbumpit plugin. It has everything you need to spice up your stories and website. # This extension also comes with YouBumpit module that will list latest bumped articles from Joomla or K2. # # GET -p [yj_vote] # http://127.0.0.1/youbumpit/plugins/content/yj_bumpit/yj_bumpit.php?yj_vote=112[SQL]&component=joomla_content&yj_time=1471524081 # # # PoC: # https://prnt.sc/hsueit # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################
