Joomla! Component com_formmaker 3.4 – SQL Injection

• Exploit Database
• 127 阅读

• 作者： Claudio Viviani
  日期： 2014-09-12
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/34637/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53

  ######################   # Exploit Title : Joomla Spider Form Maker <= 3.4 SQL Injection   # Exploit Author : Claudio Viviani   # Vendor Homepage : http://web-dorado.com/   # Software Link : http://web-dorado.com/products/joomla-form.html   # Dork Google: inurl:com_formmaker   # Date : 2014-09-07   # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox   ######################   # PoC Exploit:   http://localhost/index.php?option=com_formmaker&view=formmaker&id=[SQLi]     "id" variable is not sanitized.     ######################   # Vulnerability Disclosure Timeline:   2014-09-07:Discovered vulnerability 2014-09-09:Vendor Notification 2014-09-10:Vendor Response/Feedback 2014-09-10:Vendor Fix/Patch 2014-09-10:Public Disclosure   #####################   Discovered By : Claudio Viviani http://www.homelab.it info@homelab.it homelabit@protonmail.ch   https://www.facebook.com/homelabit https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww   #####################