Joomla Publisher 3.0.11 SQL Injection

2016.06.22

Credit: s0nk3y

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Exploit Title: Joomla com_publisher component SQL Injection vulnerability
# Exploit Author: s0nk3y
# Date: 21-06-2016
# Software Link: http://extensions.joomla.org/extension/publisher-pro
# CVE: N/A
# Category: webapps
# Version: All
# Tested on: Ubuntu 16.04

1. Description
Publisher Pro is the ultimate publishing platform for Joomla, turning your
site into a professional news portal or a magazine that people want to read!

2. Proof of Concept

Itemid Parameter Vulnerable To SQL Injection

http://server/index.php?option=com_publisher&view=issues&Itemid=[SQLI]&lang=en

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Joomla Publisher 3.0.11 SQL Injection

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Joomla Publisher 3.0.11 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.