Joomla YouBumpit 2.0 SQL Injection Vulnerability

2017-12-29T00:00:00
ID 1337DAY-ID-29325
Type zdt
Reporter Bilal Kardadou
Modified 2017-12-29T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ################################################
#Title: Joomla YouBumpit Extension 2.0 SQL Injection
#Credit: Bilal KARDADOU
#Vendor: http://www.youjoomla.com
#URL: http://extensions.youjoomla.info/youbumpit-extension.html
#Product: 'Joomla YouBumpit Extension 2.0'
#Extension type: Plugin
#Compatibility: J1.5 J1.7 J2.5 J3.X
#Google Dork: inurl:"/plugins/content/yj_bumpit/"
################################################
#
#  Description:
# Bump Bump and bump some more! How many times have you wished to have
extensions that can let your users vote for articles.
#       Stop your search and get your own Youbumpit plugin. It has
everything you need to spice up your stories and website.
#       This extension also comes with YouBumpit module that will list
latest bumped articles from Joomla or K2.
#
# GET -p [yj_vote]
#
http://127.0.0.1/youbumpit/plugins/content/yj_bumpit/yj_bumpit.php?yj_vote=112[SQL]&component=joomla_content&yj_time=1471524081
#
#
# PoC:
#  https://prnt.sc/hsueit
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

#  0day.today [2018-02-17]  #