Joomla Affiliate Tracker 2.0.3 SQL Injection

2016-06-13T00:00:00
ID PACKETSTORM:137438
Type packetstorm
Reporter Mojtaba MobhaM
Modified 2016-06-13T00:00:00

Description

`######################  
# Exploit Title : Joomla com_affiliatetracker - SQL Injection  
# Exploit Author : Persian Hack Team  
# Vendor Homepage : http://extensions.joomla.org/extension/affiliate-tracker  
# Category: [ Webapps ]  
# Tested on: [ Win ]  
# Version: 2.0.3  
# Date: 2016/06/13  
######################  
#  
# PoC:  
# First log in to the panel and go to Affiliate Tracker  
# The user_id[] parameter is vulnerable to SQL injection  
# Demo :  
# http://demo.joomlathat.com/administrator/index.php?option=com_affiliatetracker&controller=conversions&user_id=398%27  
# Image: http://www.uplooder.net/img/image/51/a4c21d46eac16c4646efbebaea7e551f/com-affiliatetracker.png  
#  
######################  
# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)  
# Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R And All Persian Hack Team Members  
# Homepage : persian-team.ir  
######################   
`
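
A detection-side illustration of the PoC above, added here and not part of the original advisory: it scans web-server access logs for `com_affiliatetracker` requests whose `user_id` or `user_id[]` value is not a plain integer, as in the demo URL. The log lines, IP addresses and function names are constructed for the example, and it assumes combined-format logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
COMPONENT = "com_affiliatetracker"
# Matches both the scalar form (user_id) and the array form (user_id[], user_id[0]).
ID_KEY_RE = re.compile(r"^user_id(\[[^\]]*\])?$")


def suspicious_user_ids(url):
    """Return the user_id values in `url` that are not plain integers."""
    # parse_qsl percent-decodes names and values and drops blank values.
    params = parse_qsl(urlsplit(url).query)
    if ("option", COMPONENT) not in params:
        return []
    return [v for k, v in params
            if ID_KEY_RE.match(k) and not re.fullmatch(r"\d+", v)]


def scan(lines):
    """Return (line_number, client_ip, bad_values) for each flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        bad = suspicious_user_ids(m.group(1))
        if bad:
            hits.append((n, line.split(" ", 1)[0], bad))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
BASE = "/administrator/index.php?option=com_affiliatetracker&controller=conversions"
SAMPLE_LOG = [
    f'192.0.2.10 - - [13/Jun/2016:10:00:01 +0000] "GET {BASE}&user_id=398 HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [13/Jun/2016:10:00:05 +0000] "GET {BASE}&user_id=398%27 HTTP/1.1" 200 812',
    f'198.51.100.7 - - [13/Jun/2016:10:00:09 +0000] "GET {BASE}&user_id%5B%5D=12&user_id%5B%5D=4%27 HTTP/1.1" 200 812',
    '192.0.2.10 - - [13/Jun/2016:10:00:12 +0000] "GET /administrator/index.php?option=com_content&user_id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, ip, bad in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} sent non-integer user_id {bad}")
```

Parameters sent in a POST body do not appear in access logs, so this covers only query-string requests.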