Joomla SP Movie Database component version 1.4 suffers from a remote SQL injection vulnerability.
df2ddb6994191abd090eebafe2dd84e8
######################################################################
# Exploit Title: SP Movie Database - SQL Injection Vulnerability
# Google Dork: inurl:option=com_spmoviedb
# Date: 29.12.2017
# Author: pwny
# Source Component :
https://extensions.joomla.org/extension/sp-movie-database/
# Version : 1.4
# Tested on: Kali Linux
# proof : https://ibb.co/cjdiZw
######################################################################
#
# Search Form in Home Page infected by SQLi
#
# Vulnerable Parameter : query=
#
#
http://127.0.0.1/path/index.php?option=com_ajax&module=spmoviedb_search&format=json
#
#POST : type=movies&query=[SQLi]
#
#proof : https://ibb.co/cjdiZw
#
#
######################
# Discovered by : Abdeljalil Nouiri (
https://linkedin.com/in/abdeljalil-nouiri-36a654143)
# Greetz : HackXore Team
######################