Joomla YouBumpit 2.0 SQL Injection

2017.12.31
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################ #Title: Joomla YouBumpit Extension 2.0 SQL Injection #Credit: Bilal KARDADOU #Vendor: http://www.youjoomla.com #URL: http://extensions.youjoomla.info/youbumpit-extension.html #Product: 'Joomla YouBumpit Extension 2.0' #Extension type: Plugin #Compatibility: J1.5 J1.7 J2.5 J3.X #Google Dork: inurl:"/plugins/content/yj_bumpit/" ################################################ # # Description: # Bump Bump and bump some more! How many times have you wished to have extensions that can let your users vote for articles. # Stop your search and get your own Youbumpit plugin. It has everything you need to spice up your stories and website. # This extension also comes with YouBumpit module that will list latest bumped articles from Joomla or K2. # # GET -p [yj_vote] # http://127.0.0.1/youbumpit/plugins/content/yj_bumpit/yj_bumpit.php?yj_vote=112[SQL]&component=joomla_content&yj_time=1471524081 # # # PoC: # https://prnt.sc/hsueit # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top