Joomla com_training SQL Injection Vulnerability

2018.05.11
dz j!h4dDZ (DZ) dz
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

============================================================================ # Exploit Title: Joomla com_training SQL Injection Vulnerability # Date: 10-05-2018 # Exploit Author: j!h4dDZ # Tested on: Windows 7 ============================================================================ 1)---------- Search target with bing Dorking----------------------------- index.php?option=com_training&task=show&id= --------------------------------------------------------------------------- 2)--------------------Exploit the websites--------------------------------- -----------------------SQL Injection----------------------------------------- (PoC) http://localhost/index.php?option=com_training&task=show&id=3094 SQL Injection ---------------------------------------------------------------- http://aebb.fptic-consulting.com/index.php?option=com_training&task=show&id=1084 Injection http://www.fptic.com/index.php?option=com_training&task=show&id=159 Injection http://cofinanciado.fptic.com/index.php?option=com_training&task=show&id=309 Injection ------------------------------------------------------------------------------ cxsecurity.exploitalert .EXPLIO.DB


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top